The Board of the Foundation for Rural & Regional Renewal (FRRR) is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person. For this policy, personal information is distinct from sensitive and health information.
The purpose of this document is to provide a framework for FRRR in dealing with privacy considerations and to adopt the Australian Privacy Principles (APP) which were enacted in 2012 and became effective March 2014.
FRRR collects and administers a range of personal information for the purposes of recording information provided to us when people and organisations either make a donation manually or via our website, www.frrr.org.au; apply for a grant; or subscribe to our newsletter. FRRR
is committed to protecting the privacy of personal information it collects, holds and administers. FRRR does not collect sensitive or health information or unique identifiers from individuals (TFN, medicare, licence).
FRRR is bound by Australian State and Federal laws which impose specific obligations when it comes to handling information. The organisation has adopted the following principles contained as minimum standards in relation to handling personal information.
- Collect only information voluntarily provided to us in the process of receiving donations; applying for grants; administering and distributing grants; promoting grants; or subscribing to the FRRR newsletter;
- Use and disclose personal information only for our primary functions relating to receiving donations and distributing grants or a directly related purpose, or for another purpose with the person’s consent;
- Disclose personal information only if required to establish, exercise or defend our legal rights;
- Except for the above policy, FRRR will not supply personal information to any third party unless express consent is provided;
- Handle all website financial transactions securely through our payment services provider, Bendigo Bank, who utilize SSL encrypted files to transfer data. Credit card details will not be retained in any database;
- Store personal information securely in Australia, protecting it from unauthorised access and not store, process or transfer personal information between other countries;
- Provide access and correction to an individual’s personal information within 30 days of a request by an individual and deal with complaints in a timely manner.
- Make this information freely available in relevant publications and on the FRRR website.
- Only collect personal information that is necessary for the performance and primary function of FRRR.
- Notify stakeholders about why we collect personal information and how it is administered.
- Address stakeholders’ requests to correct personal information.
- Not request or collect sensitive information.
- Not request or collect health information.
Integrity, Quality and Security
- Take reasonable steps to ensure personal information the organisation collects is accurate, complete, up to date, and relevant to the functions we perform.
- Safeguard personal information we collect and store in Australia against misuse, loss, unauthorised access and modification. No personal or financial data will be transferred to another country.
- Only destroy records in accordance with the organisation’s Records Management Policy.
- Not utilise credit card data for any use past its initial purpose.
- Use secure banking facilities for online transactions.
Use and Disclosure
- Only use or disclose personal information for the primary purpose for which it was collected or a directly related.
For other uses, FRRR will obtain express consent from the individual.
Access and Correction
- Ensure individuals have a right to correct personal information it if it is inaccurate, incomplete, misleading or not up to date.
- Give stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.
Making information available to other organisations
- Only release personal information about a person with that person’s express permission. For personal information to be released, the person concerned must sign a release form.
- Only release personal information to third parties where it is requested by the person concerned.
Updated September 2014