Introduction
This Privacy Policy explains how Mums Supporting Families In Need Inc (MSFIN) handles your personal information and data. It is based on the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), which regulate the manner in which personal information is handled throughout its life cycle — from collection to use and disclosure, storage, accessibility and disposal.
This policy may change from time to time.
Table of Contents
Key points
This policy applies to Mums Supporting Families in Need Inc (MSFIN).
We do not sell your data to third parties. MSFIN treats all information collected as if it were private. We do not sell the information to anyone, including other charitable organisations that assist families, and we do not use your data for our own purposes, except as outlined in this policy.
We may share some data with trusted service providers. In order to manage and improve our services we may from time to time use a number of third party service providers; for example, we may use Google Analytics to track visits to our websites, or Facebook Pixel to track the effectiveness of our posts. These service providers are located outside of Australia and therefore the data we pass to them will be processed outside of Australia.
Most data is stored on servers located in Australia. Aside from the circumstances described in the point above, all data collected by us is stored on servers located in Australia.
We will comply with all Australian laws. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also need to access data to prevent potentially illegal activities and to screen for undesirable or abusive activity. For example, we have an automated virus scan that checks all file attachments.
In the event of a data breach or privacy incident, we will follow the requirements under the Notifiable Data Breaches Scheme. At MSFIN, we are committed to best practice data management across the information life cycle. In the event of a data breach, MSFIN will take immediate steps to contain the breach, assess the breach, remedy the breach and, if necessary, revise any data policies or processes to ensure similar issues do not arise in the future.
Definitions
In this Privacy Policy,
‘MSFIN’, ‘we’, ‘us’ and ‘our’ mean the organisation carrying on business under the name Mums Supporting Families in Need Inc.
‘Personal information’ means any information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information;
‘Sensitive information’ is a subset of personal information and means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information, including “sensitive information” as defined in the Privacy Act 1988 (Cth).
Who does this policy apply to?
MSFIN’s services and its website (www.msfin.org.au) is used by a wide range of groups and individuals. These include but are not limited to staff, volunteers, donors, social services, beneficiaries, suppliers and members of the public. The privacy provisions in this policy apply to all service and website users.
General principles
We treat your data as private information. We do not use your data for our own purposes, except in the circumstances described in this privacy policy or unless we have your express consent.
We will not share your data with another party, except where:
- We are legally compelled to provide it to a third party (e.g. provide information set out in a valid subpoena to authorities during the investigation of a criminal offence), or
- We have engaged a trusted service provider to assist us with a particular transaction (e.g. provision of a donation software platform for fundraising appeals or a financial institution for payment processing).
We will never sell your data to a third party.
Generally, we use the information we collect from you only in connection with providing our services. However, there are some other limited uses, as listed below.
How is personal information collected?
Generally we collect your personal information from you directly. MSFIN collects personal information in a number of ways including:
- through our website (including when an individual chooses to make a donation through the MSFIN website or subscribes electronically to publications);
- when individuals correspond with us (including by letter, email or phone);
- in person.
Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information when you make a donation to us. We may also collect personal information about you from your use of our website and information you provide to us through contact mailboxes or through the registration process on our website, or Facebook.
If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information. If we receive your personal information from a third party, we will contact you and make you aware of this Privacy Policy and how we obtained your personal information.
What personal information does MSFIN collect from individuals?
The kind of personal information that MSFIN collects about individuals depends on the type of dealings they have with MSFIN. For example, if a person:
- Donates items to MSFIN. MSFIN may collect their name, organisation, and contact details.
- Donates money to MSFIN. MSFIN will collect their name, organisation, contact details, the amount and frequency of their donation, and hold records relating to their donation, including payment and billing information.
- Registers for MSFIN newsletter and other offers. MSFIN may collect their name, organisation, contact details and details about the registration.
- Sends MSFIN an enquiry. MSFIN may collect their name, contact details and nature of the enquiry.
- Visits MSFIN website. MSFIN will use cookies – see further details below – and may use tools to track visits, including how individuals arrive at the website and which pages they view.
- Makes a complaint. MSFIN may collect their name, contact details, the details of their complaint, information collected in any investigation of the matter and details of the resolution of the complaint.
- Applies for a job or volunteer role at MSFIN. MSFIN may collect the information individuals included in their application, including their cover letter, resume/ CV, contact details and referee reports, their tax file number, COVID-19 vaccination status, and other identifiers used by government entities or other organisations to identify individuals, information from police checks, working with children checks (or similar), and information about their right to work in Australia.
MSFIN must only collect sensitive information where it is reasonably necessary for its functions or activities and either:
- the individual has consented; or
- MSFIN is required or authorised by or under law (including applicable privacy legislation) to do so.
As MSFIN’s services are provided indirectly to those in need (e.g. MSFIN deals with social workers who deal directly with mothers in need), it does not tend to need to collect sensitive information from any individuals.
If an individual does not wish to provide their personal information to MSFIN, in general, it will not be possible for MSFIN to deal with an individual in this way. The exceptions being individuals not identifying themselves or using a pseudonym when:
- donating goods to MSFIN directly or through another party;
- dealing with MSFIN (when viewing the MSFIN website or when making a general phone enquiry); and/or
- donating money to MSFIN but in these circumstances, MSFIN may not be able to issue a tax-deductible receipt.
Why does MSFIN collect personal information?
The main purposes for which MSFIN collects, holds, uses and discloses personal information include:
- to request donations of financial gifts, goods or services
- to respond to requests for material aid from social service agencies
- to maintain contact with our volunteers
- for administrative purposes
- for purposes of organising collections of donations
- for the engagement of service providers, contractors or suppliers relating to the operation of our organisation, or
- for other organisational purposes
MSFIN may also use your personal information for the purpose of emailing you our newsletters or posting you a thank-you note.
If you make a donation of money or goods in kind we may add you to our email distribution list, so that you receive updates and reports on the impact of your giving and other opportunities to support our cause. We may also use your personal information to send direct marketing messages, SMS or conduct telemarketing.
If you are a recipient of material aid from MSFIN your details will not be added to our email distribution list.
If you do not want to receive any communication from us, please contact us at [email protected]. You can also use the unsubscribe function to opt out of our electronic communications. If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing the material aid required.
How does MSFIN store my personal information and is it secure?
MSFIN holds personal information in a number of ways, including in hard copy documents, electronic databases, and email contact lists.
We take reasonable steps to:
- ensure the personal information that MSFIN collects and uses is accurate, up to date and (in the case of use) relevant;
- protect the personal information that is collected from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs, subject to other legal obligations and applicable retention requirements.
While MSFIN will endeavour to always exercise due care in collecting and using personal information, it cannot guarantee that unauthorised access to individuals’ personal information will not occur. In the event of a data breach or privacy incident, MSFIN will follow best practice processes and ensure that the breach is contained and remedied, and any policies and processes are updated if necessary. Further details on MSFIN’s approach are set out in the section below.
MSFIN takes the following steps to secure the personal information that it collects:
- website protection measures (including encryption, firewalls and anti-virus software);
- security restrictions on computers (including login and password protection);
- operational processes aimed at minimising the risk of a data breach (including a clean desk policy, shred all policy, secure cabinets for hard copy documents, encrypted USBs etc…)
- controlled access to MSFIN premises; and
- related policies on data governance and processes relating to information security (including restricting the use of personal information to MSFIN volunteers and employees).
What steps does MSFIN take when there is a data breach or privacy incident?
A data breach or privacy incident may result from unauthorised people accessing / disclosing, changing, losing or destroying personal information. Examples of situations where a data breach or privacy incident may occur include:
- accidental download of a virus on to a MSFIN computer
- discussing or sharing of personal information on Facebook
- non-secure disposal of hard copies of personal information (e.g. not keeping hard copies in secure cabinets or not disposing of them in a secure bin / shredder)
- leaving an unlocked smart phone on public transport.
A data breach or privacy incident can occur due to human error or technical failures, can be accidental or deliberate and can apply to information in a number of forms (e.g. electronic as well as hard copy).
In the event of a data breach or privacy incident, MSFIN will respond in the following way which is in line with the Notifiable Data Breaches Scheme in the Privacy Act 1988 (Cth):
- the breach / incident will be identified and reported to the Board President at MSFIN;
- the breach / incident will be contained so further access/disclosure/loss etc will not arise;
- the seriousness of the breach / incident will be assessed between the relevant personnel together with the Board President at MSFIN;
- regardless of the seriousness of the breach or incident, remedial action will be taken to reduce any potential harm to individuals;
- in cases where serious harm is likely, MSFIN will notify the relevant individuals, the OAIC, and issue a public statement that will be made available on its website;
- following each breach / incident, MSFIN will conduct a review of policies and processes and make any adjustments to avoid further breaches and incidents of a similar nature.
The use of cookies and web analytics
MSFIN uses cookies and web analytics to assist it with its core operations.
Cookies: “Cookies” (i.e. small text files placed on your computer when you first visit the site) are used on St Kilda Mums Inc’ websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. Cookies are primarily used to enhance your online experience. If you visit our websites to read or download information, such as news stories or articles, much of the information we do collect is statistical only (e.g., the domain from which you access the internet, the date and time you access our site, and the internet address of the website from which you linked directly to our site) and not personally identifiable. We use this information about the number of visitors and their use of the sites in aggregate form to make our sites more useful and attractive to you.
Google Analytics and Facebook Pixel: MSFIN uses these tools on its website and social media pages to track the effectiveness of its content. These tools allow us to provide measurement services and target content.
Links to third-party websites
The MSFIN website may contain links to third party websites, including sites maintained by businesses who provide us with financial support and donations for goods-in-kind. Those other websites are not subject to our privacy policies and procedures. You will need to review those websites directly to view a copy of their privacy policies. MSFIN does not endorse, approve or recommend the services or products provided on those third party websites.
Who controls the data and how do I access it or correct it?
A data controller means the legal entity or person with the right to make decisions regarding the purposes, and the methods, of processing data. This includes the security measures concerning the operation and use of the data.
Where MSFIN is the data controller, you can request access to the personal information we hold about you, or request that we change that personal information to correct it if you believe it is inaccurate, incomplete or not up-to-date.
We will allow access or make the changes to the personal information within a reasonable timeframe, unless we consider that there is a sound reason under any relevant law to withhold the information, or not make the changes.
If we do not agree to make your requested changes to personal information, you may make a statement about the requested changes, and we will attach this to the record.
If you wish to have your personal information deleted, please contact us and we will delete that information wherever practicable.
You can obtain further information about how to request access or changes to the information we hold about you by contacting us (see contact details below).
Does MSFIN disclose information to service providers or people outside of Australia?
MSFIN uses a number of service providers to handle specific types of data that we collect. Some of these service providers are located outside Australia and use servers outside Australia / in the cloud, including Facebook and Google, which are both based in the United States. If MSFIN transfers information overseas for other purposes, it will only do so with the consent of the individuals or otherwise in accordance with law.
How to contact us or make a complaint
If you would like to find out more about our Privacy Policy or the personal information, we have collected about you, or if you would like to make a complaint, please contact us by:
Emailing: [email protected]
Calling: 039776 9252
Sending a letter to us: Attention Board President, Mums Supporting Families in Need Inc, PO Box 2189, Seaford VIC 3198
We will respond to your request usually within 48 hours and, at a maximum, within 30 days of receiving it, and treat seriously any claims of privacy breaches.