Privacy & Confidentiality Policy
Updated January, 2018
About this policy
For the purposes of this policy, ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
If you have any questions or feedback about this policy or the way in which the Human Rights Law Centre handles personal information you can contact us on the details below. You can also request a hard copy of this policy using the details below.
The Privacy Officer
Human Rights Law Centre
Level 17, 461 Bourke Street
Melbourne VIC 3000
Ph: (03) 8636 4450 Email: firstname.lastname@example.org
What types of personal information do we collect?
The types of personal information that we collect about you will depend on the type of dealings you have with us. For example, if you:
- seek legal assistance, we may collect your name, date of birth, contact details, information about your circumstances, and information about the matter you are seeking assistance with;
- donate to the Human Rights Law Centre, we may collect your name, email address and address, payment details, amount and frequency of donations, communication preferences, and records of any contact or correspondence you have with us;
- engage with the Human Rights Law Centre on social media or on our website, we may collect your name, email address, phone number, communication preferences, as well as your any interests, opinions or preferences you provide to us;
- subscribe to the Human Rights Law Centre bulletin and other notifications on our website, we may collect your name, organisation and contact details and details about the information you access in our publications and notifications;
- attend training or an Human Rights Law Centre event, we may collect your name, organisation, contact details, payment details (if applicable) and any dietary and accessibility requirements;
- make a complaint, we may collect your name, contact details, the details of your complaint, information collected in any investigation of the matter and details of the resolution of the complaint;
- apply for a job or other position at the Human Rights Law Centre, we may collect the information you include in your application, including your cover letter, resume, contact details and referee reports.
Some personal information, such as information relating to racial or ethnic origin, religious beliefs or affiliations, health information (including mental health information and information about a disability), genetic information and whether or not you have a criminal record is sensitive and requires a higher level of protection under privacy laws. We may collect your sensitive information when we have your consent and when the collection is reasonably necessary for us to carry out one or more of our functions or activities. Sensitive information may be relevant to the delivery of our legal services.
What if you don't provide us with your personal information?
In some circumstances we allow individuals the option of not identifying themselves, or of using a pseudonym, when dealing with us (for example, when viewing our website or making general phone queries). Donations may also be made anonymously, but in this case the Human Rights Law Centre may not be able to issue a tax-deductible receipt.
The nature of the legal work done by the Human Rights Law Centre means that, generally, it is not possible for us to provide legal advice and casework services to clients or deal with witnesses or other individuals in an anonymous way.
How do we collect personal information?
We collect personal information in a number of ways, including::
- through our websites (for example, if you choose to donate to the Human Rights Law Centre online through our secure payment gateway, subscribe to updates or register to attend an event);
- when you correspond with us (for example by letter, fax, email or telephone);
- in person (for example, at job interviews and where we meet with a client to take instructions);
- from other organisations who refer you to us with your consent;
- at events and forums.
Why do we collect personal information?
The main purposes for which we collect, hold, use and disclose personal information are set out below
- recruiting staff, contractors and volunteers
- processing payments
- answering queries and resolving complaints
- evaluating our work and reporting externally to funders (confidential client personal information is not provided without consent)
Providing legal services
- assessing whether we should take on a case or provide advice or a referral
- delivering legal services
- referring clients to other organisations
- carrying out law reform and policy work
- conducting research relevant to the Human Rights Law Centre's operations
- preparing client stories for use in advocacy work and in publications (clients are not identified without consent)
- informing subscribers and about our advocacy work
- enabling supporters to take advocacy actions such as signing a petition
- disseminating media releases and alerts
Education and events
- providing legal information or resources such as our monthly bulletin Rights Agenda
- conducting training and seminars and other events
Fundraising & Marketing
- promoting our work
- seeking grants and donations
- managing donor relationships
- organising fundraising events
- reporting to funding providers (personal information that is not public is not shared without consent)
- understanding what motivates supporters to donate
- understanding which areas of our work supporters, the social media community, and people visiting our website are interested in
Communication Preferences and Direct Marketing
Direct marketing is the promotion of goods and services directly to you including through emails, phone calls, SMS and hardcopy post. Our direct marketing involves communications such as emails about our work, alerting you to publications such as advocacy reports or our annual report and communications seeking donations to our fundraising appeals.
We may contact you from time-to-time for the purpose of direct marketing if you have engaged with us in the past and provided us with your contact details (for example, by subscribing to our Rights Agenda bulletin, by making a donation, or by attending one of our events) and have not opted out of receiving communications from us. We may also use the information provided to us to communicate with you via social media.
We will only contact you for the purpose of direct marketing materials if you have consented or you would reasonably expect to receive them. We will clearly identify that the Human Rights Law Centre authorised any direct marking material and we will maintain a simple mechanism to opt-out. We will not use your sensitive information for the purposes of direct marketing unless you have given us prior consent.
We may also send direct marketing materials to potential future supporters using information sourced from public directories and partner organisations.
Opting out from receiving communications
- You can opt out from particular email communications, such as our monthly bulletin or fundraising emails, by using the unsubscribe button included in the email.
- You can opt out of receiving other communications from us by notifying us of your communication preferences by email at email@example.com, by phone on (03) 8636 4450, or by sending a letter to the Privacy Officer at the address above.
- If you receive a marketing call from us, you can opt out from receiving future calls by telling us that you no longer wish to receive these calls.
Who do we disclose your personal information to?
The nature of the services provided by the Human Rights Law Centre means that it is often necessary for us to disclose your personal information to other parties. We will ordinarily let you know who we will disclose your personal information to when we collect the information from you (unless there are practical reasons for not informing you).
Common third parties we might need to disclose your personal information to include:
- the legal providers that give legal assistance to our clients
- other community legal service providers (for file audit purposes)
- our funding providers (although personal information will only be provided with consent)
- financial institutions for payment processing
- referees whose details are provided to us by job applicants
- a court (for obtaining copies of documents relevant to your matter) our contracted service providers which include
- Our contracted service providers, which include:
- information technology service providers
- conference, function and training organisers
- marketing, communications, analytics, and research service providers
- freight and courier services
- external business advisers (such as recruitment advisors, auditors and lawyers)
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
We normally publish the names of donors who donate over a certain amount in a financial year in our annual report which is published on our website. However, donors can choose to remain anonymous when they donate online by selecting the relevant box on the web form, or by telling us when they donate by cheque or bank transfer.
Cross border disclosures
We may disclose personal information to our contracted information technology service providers that are hosted off-shore.
Storage and security of the information we hold
Client and legal records
We hold personal information in both hard copy and electronic formats. Paper files are stored in secure cabinets onsite. They may also be archived in boxes and stored offsite in secure facilities.
If you are a client, we will return any of your original documents that we have to you when your matter has been finalised. Copies of your documents will remain on your file with us and will generally be kept for 7 years after the date that your file has been closed, after which time they may be destroyed.
Hardcopy donation forms are processed as soon as practicable and securely destroyed once processed.
Supporter and transaction records
The security of your personal information is important to us. We are PCI DSS compliant and use recommended industry standards when storing and dealing with your personal and financial information.
The steps we take to secure the personal information we hold include:
- website and Salesforce (our cloud-based supporter database software) protection measures including encryption and credit card tokenisation, firewalls and anti-virus software;
- access restrictions to our computer systems and mobile devices (such as login and password protection);
- secure destruction of hard copy donation forms once the payment has been processed and the data is no longer required;
- restricted access to our office premises;
- staff training and implementation of workplace policies and procedures that cover access, storage and security of information, including ensuring appropriate care is taken to maintain security of confidential information on our premises (for example from visitors, cleaners and staff employed by the other legal agencies we share offices with) or temporarily removed from the premises (for example taken to court).
While the Human Rights Law Centre strives to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact the Human Rights Law Centre by telephone or post (contact details above).
You can also help to protect the privacy of your personal information by letting us know as soon as possible if you become aware of any security breach.
Third party websites
Links to third party websites that are not operated or controlled by the Human Rights Law Centre are provided for your convenience. The Human Rights Law Centre is not responsible for the privacy or security practices of those websites. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.
Access and correction to personal information
We will take reasonable steps to provide you with access to your personal information. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
We will take reasonable steps to correct your personal information if we are satisfied that it is inaccurate, out of date, incomplete, irrelevant or misleading. If we have provided your personal information to third parties we will also notify them of the correction if you ask us to do so, unless it is impracticable or unlawful.
Requests to access and correct your information should be made by email, post or phone using the details provided above. Note that we will need to verify your identity before processing your request. We will endeavour to respond to your request within 30 days.
If we do not agree with your request to access or correct your information, we will provide you with written reasons for our decision and available complaint mechanisms.
If you have a complaint about how the Human Rights Law Centre has collected or handled your personal information, please contact our Privacy Officer using the details provided above.
We will endeavour to respond to your complaint within 30 days of receipt of the Privacy Complaint Form (whilst complex cases may take longer to resolve, we will keep you updated on the progress of your complaint).
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Privacy Commissioner, the New South Wales Privacy Commissioner or the Victorian Health Services Commissioner.
Change of Policy