The purpose of this policy is to outline the privacy practices of the St Vincent de Paul Society NSW (the Society) including how we collect and manage personal information and how individuals may access and correct records containing their personal information or make a complaint about a breach of privacy.
The St Vincent de Paul Society in Australia (‘the Society’) is a member of an international confederation. In Australia, the Society governs itself using a federated model, through St Vincent de Paul Society National Council of Australia Incorporated (National Council), six State councils (including NSW) and two Territory councils.
The St Vincent de Paul Society NSW carries out the good works of the Society in NSW.
This Policy does not apply to the personal information of employees. If you are an employee, please contact our people and culture team for more information about your privacy.
We recognise the importance of and are committed to protecting an individual’s dignity including their rights in relation to their personal information.
We are subject to the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and other Federal and State laws that protect specific types of information in service delivery, to children, older people and people with disability.
We take reasonable steps, including using appropriate language and modes of communication, to ensure that all individuals understand their rights to privacy and confidentiality and that they understand the types of, and reasons for, the collection, use, storage and disclosure of personal information.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is a type of personal information and includes health information, genetics, race, political opinion or membership, religion, philosophical beliefs, union membership, sexual preference and criminal record.
Health information includes information about physical or mental health or a disability an individual has had at any time, an individual’s express wishes about future provision of health services to him or her, any health service that has been or is to be provided to an individual, any personal information collected to provide or in providing a health service, information collected in connection with a donation or intended donation of body parts, organs or body substances, genetic information that is or could be predictive of health at any time of the individual or a relative of the individual and healthcare identifiers.
We may collect personal information about you when you contact us, apply for a job or volunteer position, make a donation, use our services or join our mailing list.
Depending on the circumstances, the type of information we collect may include (but is not limited to):
In some circumstances we may collect sensitive information in relation to individuals, including health information, for example when we provide assistance such as facilitating arrangements with, or on behalf of, individuals for financial assistance, accommodation, community engagement, medical or mental health assistance. We will collect sensitive information only with your consent, where you provide such information voluntarily or otherwise as authorised by law.
We may also collect personal information, including sensitive information, in relation to visitors to our offices or other business premises, but only as permitted or required by law.
If you do not provide certain personal information to us, then we may not be able to provide some or all of the requested services to you (or information about those services) or engage with you in connection with the good works that we do.
From time to time, we may also receive unsolicited information, being information that we have not taken active steps to collect. Examples include misdirected mail, unsolicited employment applications and promotional flyers containing personal information.
When we receive such information, we will decide within a reasonable period whether we could have collected it pursuant to the requirements in the APP. If we determine that we could not have collected the information, we will destroy or de-identify it as soon as practicable. Alternatively, if we determine that we could not have collected the information and wish to retain it, we will deal with this information in accordance with our obligations under the APP.
We collect personal information directly from the individual unless it is unreasonable or impracticable to do so. We may also collect personal information from publicly available sources.
Subject to the individual providing consent, or where permitted under applicable law, personal information may sometimes be collected from third parties such as a carer, guardian, advocate or other representative. If this is the case, then we will take reasonable steps to notify you of the circumstances for collection, as soon as practicable.
We may receive personal information from third parties who are engaged to provide limited information for marketing and fundraising purposes. Individuals may opt out of further contact at any time.
Where possible, individuals may choose to interact anonymously with us, or use a pseudonym, however this may not always be possible, in particular when seeking certain assistance or support services from us.
If we seek personal information from an individual who requires assistance to provide the information directly, we will take the necessary steps to explain the individual’s right to privacy and to obtain consent in an accessible format.
The primary purposes for which we collect, use and disclose personal information are to:
We may also collect, use and disclose personal information in connection with lawful information requests from courts, government agencies and lawyers and in connection with legal proceedings, or suspected fraud, misconduct or unlawful activity.
We handle and store personal information electronically and in hard copy form, with data secured either at our own premises or remotely.
We may contract third parties to carry out services in connection with the primary purpose for which we collect personal information and in doing so, those third parties may collect personal information, including through external software, and save personal information at their own physical premises or off site.
In all instances, a range of measures are implemented to protect the personal information from misuse, interference, loss and unauthorised disclosure.
Personal information in electronic form is stored in electronic databases that require passwords and logins. Personal information in hard copy is kept physically secure.
We take reasonable steps to destroy or de-identify personal information where it is no longer needed for a permitted purpose.
Depending on the nature of your relationship with us, your personal information may be disclosed to certain third parties for the purposes outlined in section 7 above, including the following:
We also utilise third party suppliers who are located outside of Australia and may disclose personal information to those suppliers to receive products or services which assist us to carry out our work. It is not reasonably practicable to list all of the countries to which personal information may be disclosed, but such countries may include the USA, UK and Canada.
We will ensure that any disclosure of Personal information to third parties overseas, is done in compliance with Australian privacy laws.
We use social media platforms (such as Facebook) to facilitate our business activities and functions and to post information about events and activities. Individuals who interact with us through those platforms are responsible for reviewing and accepting the applicable privacy policies prior to interacting with us. Some of the platforms may use cloud-based data storage services and / or store information overseas. The privacy laws of those countries may not provide the same level of protection as Australian privacy laws. Individuals providing information to the Society on these platforms may not be able to seek redress against these services under Australian privacy laws and may not be able to seek redress overseas.
We engage external data aggregators including Facebook and Google Analytics to identify individuals who may be interested in our campaigns and activities, based on their usage of our website. We use Google Analytics to inform and optimise content based on an individual’s past visits to our website. Google Analytics informs us about how visitors use our website based on their browsing habits, so that we can improve our website, and make it easier to find information. Google also receives this information as individuals browse our website and other websites on the Google Display Network using Remarketing. Individuals can opt-out of customised Google Display Network services and Google Analytics for Display Advertising using ad settings and can use the Google Analytics Opt-out Browser Add-on to not be tracked into Google Analytics.
Subscribers to mailing lists will be given an option to opt out of receiving further information or correspondence.
Information on visitors to our NSW website, such as IP addresses, date and time of visit, pages accessed and any information downloaded, may be recorded and used for statistical, reporting and website administration, security and maintenance purposes.
Websites operated by us utilise ‘cookies’ (small summary files containing an ID number unique to your computer). Cookies allow our system to identify and interact more effectively with other devices. Our cookies do not collect personal information. They help us to maintain the continuity of the browsing session, remember the visitor’s details and preferences if they return, and to measure traffic patterns to determine which areas of our website have been visited so that we can improve our services. Individuals can configure the web browser software to reject cookies, however some parts of the website may not have full functionality in that case.
Any personal information sent through our website or by other electronic means may be insecure in transit, particularly where no encryption is used (for example email or standard HTTP) and is transmitted at the individual’s own risk.
When we send emails or other electronic messages, we may record where the message was opened and what links were clicked to better understand what information is of interest to the viewer.
Where our website allows individuals to make comments, give feedback or make a credit card payment, we may collect email addresses and other contact details. We may use email addresses provided to respond to feedback and, on occasion, to make direct contact for surveying purposes and ongoing communication.
Our website may contain links to other sites operated by third parties. Third party websites are responsible for informing you about their own privacy practices and we are not responsible for the privacy practices or policies of those third-party sites.
An individual may formally request access to their personal information held by us at any time.
If an individual has any queries or concerns about the personal information that may be stored or they wish to access or correct any of the personal information that may be held about them, they can make a request using the contact details below:
St Vincent de Paul Society NSW
Post: PO Box 5, Petersham NSW 2049
Telephone: (02) 9568 0262
We will need to verify an individual’s identity before a response can be prepared.
When making an access or correction request, individuals are asked to provide details of the particular information being sought, to assist in locating the information.
We may also charge a fee in certain circumstances, however if this is the case, we will first notify you of the fee and provide an explanation for it.
We take privacy concerns very seriously. Where an individual expresses any concerns that we have interfered with their privacy, we will respond to let them know who will be handling their complaint and when they can expect a further response (generally within 30 days after a complaint has been received and acknowledged). Complaints will be handled in accordance with our Feedback and Complaints Policy https://www.vinnies.org.au/media/nudl4atg/feedback-and-complaints-policy.pdf.
For information about privacy generally, or if an individual has any concerns about how we have resolved a complaint regarding their personal information, individuals can contact the Office of the Australian Information Commissioner:
We will publish and update this Policy on our website (www.vinnies.org.au/nsw) and will make available a copy of this Policy on request.