Suicide Prevention Australia (SPA) respects and upholds the rights of individuals to privacy protection under the National Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act).
What personal information does SPA collect and why?
SPA collects your personal information for the purpose of its provision of services to you and for its operation and administration. The following are the main types of personal information usually collected by SPA (to the extent provided):
- Name including title and postnominals, Telephone number(s), Email address, Street Address, Fax Number
- Workplace & job title(s)
- Organisational relationships (eg CEO of ~, volunteer for ~)
- Date of Birth
- Gender, preferred personal pronoun
- Information necessary to allocate bursary, scholarship or research funds or for lived experience activities, which may include sensitive information, such as racial, cultural or ethnic origin, financial position, religious or philosophical beliefs, or details of health, disability, sexual or gender identity and/or lived experience of suicide or other mental health conditions or experience
- Academic and other professional qualifications
- Biographical information
- Dietary requirements
- Automatically-captured website logins for use of SPA websites
- Areas of interest and preferred communication modes
- Availability (for scheduling meetings etc)
- ABN and financial details (suppliers and reimbursement)
- Conference/Event/Meeting attendance records
- Records of donations made to SPA, including community fundraising
- Internet browser history, IP addresses, URLs, date/time and referrer websites for anyone visiting SPA websites
- Paid and unpaid job application and research application data (eg. CV, employment history, referee reports etc)
- Individual Members’ membership of other organisations
- Records of persons who have provided voluntary services to SPA
- Frequent Flyer numbers and other travel preferences for the purposes of making reservations
If you choose not to provide certain personal information where requested, SPA may not be able to provide you with the services you require.
How SPA collects personal information
SPA collects personal information in a number of ways, including:
- in written application forms submitted by persons wishing to be a SPA member, volunteer, fundraiser, grant, scholarship or bursary recipient, staff or committee member, director, event speaker or to register for SPA’s events, and in related referee reports (or in notes of referee comments). These forms can be submitted by mail, fax or through secure sections of our website
- directly from individuals by telephone, in person or in writing
- through surveys
- indirectly through third parties (eg information shared at a meeting where a note was made of those discussions; through a media clipping service and recorded in SPA files; from National Health & Medical Research Council or other institutions)
- automatically generated website logs such as SPA website or online surveys.
How does SPA use personal information about you?
The specific purposes for which particular personal information will be used and disclosed will be included in the collection notification for that personal information. SPA would usually collect, hold, use and disclose your personal information for the purposes for which it was collected and for related purposes (or otherwise as required or authorised by law) including for:
- sending you information (if you have subscribed or otherwise indicated that such information would be welcome);
- service and events planning and delivery;
- delivering membership benefits;
- research and development;
- assessing an applicant’s suitability for a paid or unpaid job or role;
- assessing and resolving complaints;
- monitoring website usage; and
- the administration and operation of SPA.
SPA takes reasonable steps to ensure information it collects, holds and discloses is accurate, up-to-date, complete and relevant. You may at any time contact the Privacy Officer (using firstname.lastname@example.org) to advise SPA that you:
- no longer wish to receive certain or all communications from SPA; or
- wish to update or change any of your information stored by SPA
Who does SPA disclose your personal information to?
Personal information is generally accessible by SPA staff, for whom the information will assist them in fulfilling their duties. SPA may disclose and transfer your personal information in relation to the purpose for which it was collected (as outlined in this document) and related purposes. SPA may engage local or offshore third parties to perform functions and services on its behalf, including cloud computing, hosting and customer support services. You consent to SPA sharing your personal information with such third party service providers to the extent necessary to perform these services and functions. SPA will take reasonable steps to ensure the third parties to whom it discloses personal information are bound to protect the privacy of that information. Generally, such disclosure will occur:
- in the course of business being conducted or communications between you and SPA;
- in other circumstances that are directly implied by the purpose agreed between you and SPA;
- where SPA has engaged local or offshore third party service providers, as outlined in this Policy;
- when permitted by you or at your request;
- in the course of delivery sponsorship benefits to SPA sponsors(opt-out)
- where legally required to do so; or
- where there is a duty of care by SPA
Cloud computing or other data management arrangements constitute “use” rather than “disclosure” of your personal information. The hosting provider of SPA websites and databases has access to all data. Other third parties which have access to website access data include Google (because SPA uses Google Analytics and Google Fonts) and social media providers such as Facebook, Twitter and LinkedIn (if applications such as Like buttons, Facebook pixel, embed, beacon or company profile are used).
The nature of cloud computing means that exact “location” of data at any one time is not possible to predict. SPA uses reputable, secure IT providers which store cloud data within Australia. These IT providers have access to SPA data.
How SPA holds personal information
SPA holds personal information in a number of ways, including:
- electronically in a cloud-based database or in cloud-based files;
- with third-party providers such as fundraising platforms or professional conference organisers; and
- in hardcopy (SPA aims for a low-paper office, so hardcopy documents sent to SPA may be scanned and stored in the cloud, then recycled).
Hardcopy documents are stored within the SPA office, which does not have public access. Sensitive hardcopy information (such as banking or print-outs of bursary applications) is stored in lockable filing cabinets. Information no longer required will be de-identified or destroyed immediately and on an annual basis.
New information collected about an individual may be combined with other personal information already held about that individual, such as adding information to a Member’s database record.
What measures does SPA take to protect your personal information?
SPA strives to protect the personal information you provide us with from misuse, loss, unauthorised access, alteration, deletion and unauthorised disclosure. Personal information SPA receives is stored in the cloud. SPA has implemented a number of standard and additional external and internal security measures to promote security of personal information including training and access restrictions.
Electronic communication is not a secure environment. Information sent via this medium (including via online forms, email, SMS or other electronic means), including your personal information, is at your own risk. SPA cannot guarantee the security of any information you transmit to or receive from SPA. However, once SPA receives your personal information over the internet, that information will be subject to the security measures put in place by SPA.
Access to information
You have a right to request access to personal information held about you by SPA and to correct any information which is not accurate. Your information will be removed or deleted if you so request, unless there is a sound reason under the Privacy Act. If SPA is unable to provide such access or correction, SPA will explain why and will explore other steps towards providing a reasonable response to the request.
Please contact the SPA Privacy Officer at email@example.com to ask for access to your personal information, to change your personal information or to request that your personal information be removed. SPA will take reasonable steps in relation to the amendment, supplementation or deletion of your personal information. Applicants must not seek access for frivolous purposes or unreasonably frequently.
Marketing material from SPA’s sponsors and marketing partners
SPA is a not-for-profit organisation. In order to fund its operations, SPA will from time to time enter into sponsorship or marketing partnership arrangements with commercial organisations. Where our marketing partners or sponsors are able to offer our Members and subscribers products or services or information on upcoming events we are keen to pass this information on to you. So SPA (or our service providers) may contact you by mail, telephone, SMS or email to inform you of these offers if you have consented to be contacted for these purposes. You may at any time contact the SPA Privacy Officer (using the contact details provided below) to advise SPA that you no longer wish to receive such communications from SPA.
Links to other sites
Contacting the SPA Privacy Officer
If you have enquiries, general concerns or complaints about this Policy, or about SPA’s actions in relation to this Policy, or would like to receive a copy of this Policy, please contact our Privacy Officer at 02 9262 1130 or firstname.lastname@example.org or GPO Box 219, Sydney NSW 2001.
For more information on SPA’s Complaints mechanisms, see Complaints. If the individual and SPA cannot resolve the issue, the individual can complain to the Office of the Australian Information Commissioner.
AUSTRALIAN PRIVACY PRINCIPLES
Principle 1: Collection
SPA will not collect personal information unless the information is necessary for one or more of its functions or activities. Collection of personal information will be fair, lawful and non-intrusive. SPA also collects information through our web site where these principles apply.
Principle 2: Use and Disclosure
SPA will only use or disclose personal information for the primary purpose it was collected for; or ensure that permission is sought for its use or disclosure for any purpose other than the primary one or as required or authorised by law.
Principle 3: Data Quality
SPA takes reasonable steps to ensure that personal information collected, used or disclosed is accurate, complete and up to date.
Principle 4: Data Security
Safeguards will be maintained to protect personal information against unauthorised access, alteration, disclosure, misuse or loss.
Principle 5: Openness
Principle 6: Access and Correction
If SPA holds personal information about an individual and the individual can establish that the information is not accurate, complete and up-to-date, SPA will take reasonable steps to correct the information so that it is accurate, complete and up-to-date. Where SPA holds personal information about an individual, it will provide the individual with access to the information on request, except to the extent that:
- Providing access would have an unreasonable impact upon the privacy of other individuals; or
- The request for access is frivolous or vexatious; or
- Providing access would be unlawful; or
- Denying access specifically authorised by law.
Principle 7: Identifiers
SPA will not adopt as its own identifier, an identifier that has been assigned by a government agency (or by an agent of, or contractor to, a government agency).
Principle 8: Anonymity
Whenever it is lawful and practicable, individuals will have the option of not identifying themselves when dealing with SPA.
Principle 9: Transborder Data Flows
SPA will not transfer personal data outside Australia unless:
- The individual concerned consents to the transfer; or
- The transfer is necessary for the performance of a contract between the individual concerned and SPA, or for the implementation of pre-contractual measures taken in respect to the individual's request.
Principle 10: Sensitive Information
SPA does not market to children, and we never knowingly ask a child under 13 to divulge personal information. SPA will not collect personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or details of health, disability or sexual activity or orientation unless:
- The individual, who is the subject of the information has consented
- The collection is required or specifically authorised by law
- The collection is necessary for the establishment, exercise or defence of a legal claim.