- Respecting your privacy
- What kind of personal information does OzChild collect and hold?
- How and why does OzChild collect and hold your personal information?
- How does OzChild use your personal information?
- In what circumstances will OzChild disclose your personal information?
- Who may we disclose your personal information to?
- Direct marketing
- Does OzChild disclose your personal information to overseas recipients?
- Use of Government Identifiers
- Information security and website usage
- How you can access or correct your personal information
- How you can notify us of a privacy concern or contact our Privacy Officer
In engaging staff, carers, volunteers and in the work OzChild does with children, young people and families, OzChild collects, uses and stores their personal information. OzChild is committed to ensuring personal information is kept private and confidential unless it is obligated by law to share the information. OzChild has systems in place to collect, use, store, disclose and secure the information.
This policy outlines OzChild’s personal information management practices.
Ozchild is bound by the Privacy Act 1988 (Cth), and other Federal, State and Territory based requirements.
4. Policy Statement
- 4.1 Respecting your privacy
This block contains unexpected or invalid content.Attempt Block Recovery
There may be additional privacy notices and terms that are relevant to you depending on the nature of your dealings with us (e.g. use of our online sites, involvement in specialised programs etc).
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. However, in some circumstances, this may not allow us to provide you with a service (such as program service delivery, travel arrangements etc). If you wish to deal with us anonymously, we will inform you if it is possible for an interaction to occur on that basis.
- 4.2 What kind of personal information does OzChild collect and hold?
OzChild collects the personal information from clients, families, carers, health professionals, employees, donors, volunteers, government departments, agencies, services, commissions, contractors, suppliers, visitors to our website, any apps we may use, social media and any other digital services, from members of the public or other collection methods that we may employ from time to time. Any personal information that you provide via our websites or directly is collected and managed by OzChild. The personal information that we collect, and hold (including sensitive/ health information) is what is reasonably necessary for our organisation’s functions and activities.
The types of personal information OzChild may collect includes (but is not limited to):
- date of birth;
- marital status/family details;
- next of kin;
- residential status/ address and details of all family members living in the home;
- nationality/residency status;
- email address;
- telephone numbers;
- identification details (e.g. Medicare, student, pensioner card);
- Tax File Numbers;
- passport details;
- testimonials or opinions about any person (e.g. from successful scholarship applicants and general client stories);
- records maintained by Government and institutions (e.g. school reports and records);
- income, earnings, financial status;
- photos of individuals/recordings;
- financial information (such as credit card details, bank account details);
- records of written or verbal contact with OzChild (including voice recordings of conversations);
- health information or any information about medical conditions or medical treatment (e.g. records of injuries, mental health, drug use);
- psychiatric, psychological or psychometric assessments;
- child protection or other investigation information;
- information contained in Court Orders and Child Protection reports;
- CV details or employment related information/qualifications;
- criminal history/ criminal checks (for both carers and staff) – done through Fit2Work;
- Working with Children Checks (or equivalent);
- details about hobbies or activities (e.g. sporting and lifestyle interests);
- residency status (for employment purposes);
- information for scholarship applications; and
- information related to use of online/ internet-based services such as device identifiers (IP address), location data, dates, times, file metadata, referring website, data entered and user activity (such as links clicked).
If you provide us with personal information about any third party, you must obtain that person’s permission to give us the information and inform them that you have given their information to us.
- 4.3 How and why does OzChild collect and hold your personal information?
OzChild will only collect personal information about you by lawful and fair means, and not in an unreasonably intrusive manner. OzChild only collects personal information for purposes that are directly related to our services and activities, and only when it is necessary for, or directly related to such purposes.
It is our usual practice to collect personal information about you (and possibly about your family) directly from you if this is possible (or from your authorised representative e.g. your guardian or health professional). This is done when we make a record of the personal information that is provided to us in the following ways:
- verbally or by interviews;
- through a link or form on our website (https://www.ozchild.org.au/);
- hard copy forms (e.g. sent through as ‘Working with Children’ checks);
- digital forms;
- through apps (e.g. OzChild carer app);
- medical reports;
- information provided directly to by phone;
- conferences and seminars;
- panels or education events;
- applications to volunteer;
- applications to donate;
- purchase of goods or services;
- review or comments on websites or social media;
- promotional activities/competitions;
- advertisements or offers;
- use of technology such as cookies;
- interactions in relation to employment services, human resources, and other corporate service functions;
- arrangement of travel/conferences;
- social media platforms or digital media;
- general events, gala dinners, balls (e.g. via the EventBrite platform);
- marketing, communications and fundraising initiatives;
- security, dispute resolution or training;
- complaints/legal liability claims;
- when you communicate with us (including e-mail and telephone) for security, dispute resolution and training purposes;
- when we operate video and audio surveillance devices in our premises or elsewhere;
- when you make a complaint or legal/ liability claims against us;
- contact us by telephone, mail, email, online or by any digital form or social media; and
- as part of our other general services and activities.
Some of the personal information that we hold about you will be from your direct dealings with us, but we may also collect your personal information (including your sensitive health information) from a third party (such as your health service provider), anyone authorised to act on your behalf, or a publicly available source (such as information service providers). We will only do this if you have consented to the collection of your personal information, or if you would reasonably expect us to collect your personal information in that way. We may collect personal information from our related entities and affiliates who may have collected your information in another country.
We may also collect information about you by accessing data from other sources and then analysing that data with the information that we already hold about you to learn more about your preferences and interests. If we receive information about you from a third party and it is not information that we need in respect of our business activities, we will destroy or de-identify that information (provided it is lawful for us to do so).
- 4.4 How does OzChild use your personal information?
We use your personal information for a variety of reasons including to:
- to make records of interactions with clients (i.e. parents, children, support workers etc.);
- to provide care services;
- to manage complaints/requests;
- to manage, arrange and conduct meetings with staff and external contacts;
- to apply for or to access grants/funding;
- to contact volunteers/carers;
- to brief/ involve health care providers or other professionals;
- to improve client services (including ‘market’ research and analysis);
- to monitor the quality, safety, and delivery of services (i.e. record service activity to reflect information gathered by the staff and to reflect impact of interventions and case progression);
- direct marketing (e.g. fundraising appeals);
- to sponsor events and programs;
- to generate lists of individuals (e.g. carers, volunteers);
- to allow individuals to interact via a website or by other digital means (e.g. the creation of online accounts/user IDs etc.);
- to consider applications for employment at OzChild;
- to interact with regulators and other government agencies;
- to manage and resolve any legal or other complaints;
- to investigate internal grievances or complaints and investigations;
- to carry out internal staff management and training;
- as an historic record for the people utilising the service;
- to meet requirements of funding and service agreements;
- for data and reporting requirements of the organisation; and
- to allow us to perform our other general services and activities.
Deidentified personal information may be used to comply with OzChild’s reporting obligations under various pieces of legislation and other legal obligations. Whilst you may opt to not to provide us with your personal information, you should be aware that without this personal information, we may not be able to provide you with some of our services.
- 4.5 In what circumstances will OzChild disclose your personal information?
In the course of providing our services to you, we may disclose your personal information. We only disclose personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities. We do not give it to anyone else unless one of the following applies:
- you have consented to the disclosure;
- it is otherwise required or authorised by law.
If we engage third party agents, contractors, or data processors, we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the information, before we share your personal information with them.
- 4.6 Who may we disclose your personal information to?
OzChild’s has a wide range of information sharing arrangements and relationships with its service partners, third-party contractors etc. which routinely involve the transfer of personal information (and often this is ‘sensitive’ information). We may disclose your person information to:
- organisations engaged to assist OzChild in human resource administration or to provide employee benefits (such as insurers or superannuation administrators);
- professional advisers (such as lawyers, accountants or auditors) to the extent that is reasonably required;
- payment systems operators and financial institutions;
- third party service providers that provide us with communication (e-mail) or data storage services;
- technology services including application, development and technical support, processing, storing, hosting and data analysis;
- travel agents and other travel/ event related service providers involved in the organisation of conferences and similar events;
- administrative services, including mailing services, printing, archival and contact management services;
- third party agents or contractors with whom we contract in the ordinary course of business;
- organisations authorised by OzChild to conduct promotional, research or marketing activities;
- upon lawful request from law enforcement agencies or government authorities;
- any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives; and
- to other third parties as required to allow us to perform our legitimate services and activities.
Personal information that is collected by OzChild is also shared with third parties in the following circumstances:
- in response to a subpoena;
- with Workcover (where the employee has provided consent); and
- with recruitment agencies.
Page BreakIn order to provide and arrange the provision of services we may also disclose your personal information or de-identified data to:
- Australian Bureau of Statistics (ABS);
- Workplace Gender Equality Agency (WGEA);
- Department of Families, Fairness and Housing (Victoria);
- Commission for Children and Young People (Victoria);
- Working With Children Check (NSW);
- Family and Community Services (NSW);
- Office of the Children’s Guardian (NSW)
- Department of Child Safety, Youth and Women (Qld);
- Department of Youth Justice (Qld);
- Community Services Directorate (ATC);
- Gugan Gulwan (ACT)
- ACT Together Consortium.
- ACT Ombudsman
- Department for Child Protection (SA)
In all circumstances where your personal information is disclosed, we will take reasonable steps to ensure that those third parties undertake to protect your privacy.
Information sharing legislation
In the work OzChild does with children and families, workers are sometimes allowed to share information about their clients, without their consent, such as in the following circumstances:
- For people working with children or vulnerable adults, there are various forms of legislation (ACTS) that provide for the exchange of information, without the consent of an individual, and allows for communication and cooperation between prescribed bodies, if the information relates to the safety, welfare or wellbeing of a child, young person or vulnerable adult.
- All states and territories have legislation that enables the provision of information about the safety, welfare or wellbeing of a child or young person to child protection agencies and individuals who provide information to Child Protection are protected by law to share this information without a person’s consent.
- Best practice is to always try and seek consent from individuals to share information – however, where this is not practical and there are safety and wellbeing issues – information sharing without consent is often allowed through ‘Information Sharing’ legislation.
- This Information Sharing legislation varies between jurisdictions and where relevant, it takes precedence over other legislation regulating information disclosure, such as Privacy legislation.
- The Information Sharing legislation generally provides for the exchange of information and cooperation between prescribed bodies, if the information relates to the safety, welfare or wellbeing of a child, young person, or a vulnerable adult (such as people exposed to Family Violence). This legislation often takes precedence over other legislation regulating information disclosure, such as any Privacy Legislation. This provision promotes coordination and collaboration between agencies and workers, respecting individual functions and expertise, so that children and families receive timely assistance.
- There are other situations where OzChild programs are required to share a person’s information without consent, such as when contracted by Child Protection to provide a service on their behalf, when subpoenaed to provide information or if the Police, or other legislated bodies request information.
- 4.7 Direct marketing
We are committed to compliance with all laws and requirements relating to the use of your personal information for direct marketing. When you provide your personal details (such as when you volunteer with us or make a donation), you may consent to us using your personal information for direct marketing purposes (for an indefinite period). From time to time, we may contact you with information about products and services offered by us and our related entities and our business partners or affiliates, which we think may be of interest to you.
When we contact you, it may be by mail, telephone, email, SMS or via social media. These communications may relate to products and services that we and our affiliates provide, and other products that may be of interest to you. We may also partner with advertising companies to serve you ads based on your web browsing activity, purchases and/or interests.
If you do not wish to be contacted by OzChild, please contact our Privacy Contact Officer on 03 9695 2200, email us at email@example.com or send a letter to the Privacy Officer, PO Box 1312, South Melbourne VIC 3205.
- 4.8 Does OzChild disclose your personal information to overseas recipients?
In some circumstances, OzChild may disclose your personal information to overseas recipients. If this occurs, we take steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach relevant privacy laws in relation to that information. From time to time, we will share information with a service-providers located in the United States of America (US).
Whilst our service providers are mainly located in Australia and the US, from time to time we may need to engage a service provider in a country not identified here. We may also be required to report to regulatory authorities, within or outside of Australia, as required by law. We may also disclose your personal information to regulatory authorities, within or outside of Australia.
Your personal information may be stored in a secure and/or encrypted form overseas (e.g. in data storage and cloud computing facilities operated by us or by third parties on OzChild’s behalf). By providing us with your personal information, you are agreeing to the disclosure of your personal information to third parties operating outside of Australia. OzChild will take all reasonable steps to ensure that any personal information we disclose overseas is handled in accordance with the law.
Sometimes we make the business decision to use third party platforms and services to process sales, provide web support, send marketing messages, deliver products or otherwise provide data storage and processing services. These services are hosted and managed by organisations other than us, and some of these services may be located overseas. These services may also involve geographic locations which change from time to time which include data protection and processing efficiency. Where these services are used by us, it may not be practicable for us to notify you of which country your personal information may be located in.
- 4.9 Use of Government Identifiers
OzChild will not use Government Identifiers, such as Medicare numbers, or a driver’s licence number as its own identifier of individuals.
- 4.10 Information security and website usage
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We have a number of security controls in place and we take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure.
Our computer systems may be operated and maintained by us or by our service providers. In all cases, we have rigorous information security requirements aimed at eliminating risks of unauthorised access to, and loss, misuse or wrongful alteration of, the personal information that we handle. Examples of these measures include:
- control of access to personal information through access and identity management systems (such as passwords); and
- OzChild personnel are bound by and trained on internal information security policies and are required to keep personal information secure at all times.
- OzChild has deployed an O365 platform for Exchange, Office and SharePoint which conforms to ISO 27001 standard. Our client management system (Family Journey) is in partnership with an external service provider in the sector is also designed and conforms to ISO 27001 standard. Our infrastructure sits behind Fortinet firewalls in Microsoft Azure’s cloud datacentre with strict security policies in place. All Servers reside in Microsoft Azure’s cloud environment and are backed up using DPM and can be recovered completely in case of any failure.
OzChild also has policies in place for data retention across all key areas. We keep your personal information only for as long as it is required to provide you with the services you require and to comply with legal requirements. If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information.
Our website is professionally hosted and operates in a secure environment. You should however be aware that there is always an inherent risk in transmitting your personal information via the internet.
Cookies are pieces of information that a website transfers to your computer for record-keeping purposes. Cookies help provide additional functionality to the website or to help us analyse site usage more accurately. We use information collected from cookies to better understand, customise and improve user experience with our website, services and offerings, as well as to manage our advertising. For instance, a server may set a cookie that keeps you from having to enter a password more than once during a visit to a sites. Also, we may use web analytics services that leverage cookies to help us to understand how visitors engage with and navigate our site (e.g. how and when pages in a site are visited and by how many visitors).
We are also able to offer our visitors a more customised, relevant experience on our sites using cookies, by delivering content and functionality based on your preferences and interests. If you have provided us with personal information (e.g. through a registration or a request for certain materials), we may associate this personal information with information gathered through cookies. This allows us to offer increased personalisation and functionality.
In all cases in which cookies are used, the cookie will not collect personal information except with your explicit permission. Your web browser can be set to allow you to control whether you will accept cookies, reject cookies or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognise you when you return to the website, and some website functionality may be lost. The Help section of your browser may tell you how to precent your browser from accepting cookies.
Whilst links to third party websites may be provided on our website from time to time, we are not responsible for the content or practices of these third-party websites. These links are provided for your convenience and do not represent OzChild’s endorsement of any linked third-party website.
We recommend that you check the Privacy Policies of these third parties prior to providing them with your personal information.
- 4.11 How you can access or correct your personal information
You can request access to the personal information we hold about you at any time, and we will provide you with that information unless we are prevented by law from giving it to you. If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
You will not be charged for accessing your personal information, although we may have to charge the reasonable cost of processing your request, including photocopying, administration and postage. We will advise you of any fee payable before we process your request.
If you believe that your personal information is not accurate, complete or up to date, please contact Privacy Contact Officer on 03 9695 2200, email us at firstname.lastname@example.org or send a letter to the Privacy Officer, OzChild PO Box 1312, South Melbourne VIC, 3205.
- 4.12 How you can notify us of a privacy concern or contact our Privacy Officer
- have queries, concerns or complaints about the manner in which your personal information has been collected or handled by OzChild; or
- would like to request access to or correction of the personal information we hold about you,
Please write to:
The Privacy Contact Officer
PO Box 1312, South Melbourne VIC, 3205.
We may ask you to put your request or complaint in writing, and to provide further details about it. Our Privacy Contact Officer will investigate the matter and attempt to resolve it in a timely way.
If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact the Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au.
6. Document Responsibilities
7. Related Documents/Legislation/Other
- Consent forms
- Exchange of information forms
- Privacy Act 1988 (Cth)
- Office of the Australian Information Commissioner
- NSW Children and Young Persons (Care and Protection) Act 1998 (NSW)
- VIC Children, Youth and Families Act 2005 (VIC)
- Freedom of Information Act 1982 (VIC)
- ACT Children and Young People Act 2008 (ACT)
- SA Children’s Protection Act 1993 (SA)
- QLD Child Protection Act 1999 (QLD)
8. Approval Information
Sign up to the OzChild mailing list
Stay up to date with the latest news and events.
Choose your region
Select your region to create an enhanced and personal experience.