PURPOSE

  1. This document is Bobby Goldsmith Foundation’s (BGF’s) policy on Privacy.
  2. The objectives of BGF’s Privacy Policy are:
    • To ensure that BGF takes seriously the responsibility attached to gathering and maintaining sensitive client, donor and contractor information;
    • To ensure that BGF has satisfactory systems and procedures in place to handle and protect personal information; and
    • To outline BGF’s approach to handling privacy complaints.

SCOPE

  1. This document applies to the personal information held by BGF.
  2. Should at any time you provide us with personal information about someone other than yourself, you must vouch that you have received consent from the person so identified to provide such information.

DEFINITIONS

  1. ‘Personal Information’ means information, or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
  2. ‘Sensitive Information’ means:
    1. Information, or an opinion, about an individual’s:
      • Racial or ethnic origin; or
      • Political opinions; or
      • Membership of a political association; or
      • Religious beliefs or associations; or
      • Philosophical beliefs; or
      • Membership of a professional or trade association; or
      • Membership of a trade union; or
      • Sexual preferences or practices; or
      • Criminal record (that is also personal information); or
    2. Health information about an individual; or
    3. Genetic information about an individual that is not otherwise health information.

PERSONAL INFORMATION

  1. The types of information we collect are typically, but not exclusively:
    • Identity Information such as name, date of birth, gender;
    • Contact Information e.g. address, phone number, email address etc.;
    • Health and Medical Information, typically of a highly sensitive nature;
    • Financial Information about financial affairs including bank account and credit card details, transactional values, asset and liability positions, TFN, etc.;
    • Statistical Information such as online behaviour, thoughts, views and ratings of certain services etc.;
    • We acknowledge that some of the information we collect is of a highly sensitive nature, and will limit the collection of this type of information to that which is necessary to enable us to better perform our services.
  2. The sources of information are:
    • Clients of our services;
    • Staff, volunteers and Board members of BGF;
    • Donors;
    • Suppliers and contractors;
    • Other health service providers;
    • Research databases; and
    • Research
  3. Information is collected in the following ways:
    • Directly from the individual, either in person i.e. face-to-face, by phone, by email, online, through a questionnaire, or via a response device from direct marketing activity;
    • Through third parties such as contractors, health care workers, social workers.
  4. The primary purposes for collecting personal information are:
    • To verify identity upon commencement of an occasion of service;
    • To provide BGF’s primary functions and activities;
    • To better understand communication preferences so that we can provide appropriate information and services in the manner and mode preferred;
    • To process financial donations and provide receipts;
    • To maintain an accurate history of an individual’s ongoing relationship with the organisation;
    • To accurately target and communicate our services, support, donations, campaigns, research programs;
    • To enable support through volunteering, donations, in-kind;
    • To evaluate our programs and services for continuous improvement;
    • To enable us to measure the impact our programs are having, and report this information back to our donors and funders; and
    • To comply with relevant legislation.
  5. Use of personal information for secondary purposes
    • Use or disclosure of personal information for secondary purposes is permitted only if:
      • the secondary purpose is related to the primary purpose for collection;
      • for sensitive information (see Section 5 below), the secondary purpose is directly related to the primary purpose; and
      • the individual would reasonably expect BGF to use or disclose the information for the secondary purpose.

SENSITIVE INFORMATION

  1. Under APP 3, sensitive information cannot usually be collected without the person’s consent. Information about a person’s health is considered one type of sensitive information.
  2. APP 3 also permits organisations to collect health information without consent in certain circumstances, where the information is collected for:
    • Research, or the compilation or analysis of statistics relevant to public health and public safety; and
    • The management, funding or monitoring of a health service.
  3. Typically but not exclusively, sensitive information can include information or an opinion about an individual’s HIV status, political beliefs, political and professional/trade associations, sexual preferences, the existence or not of a criminal record, ethnicity and of course information about health.
  4. BGF is fully cognisant of its requirements under the Public Health Act 1991 (NSW) which provides that a person who, in the course of providing a service, acquires information that another person: (a) has been, or is required to be, or is to be, tested for HIV, or (b) is, or has been, infected with HIV, must take all reasonable steps to prevent disclosure of the information to another person.

DIRECT MARKETING

  1. From time to time BGF could undertake direct marketing activities to individuals, based on personal information we have received.
  2. BGF does not sell, rent, or generally make available personal information to any third parties for the purposes of marketing solicitations.

DISCLOSURE TO THIRD PARTIES

  1. From time to time, it may be necessary for BGF to disclose personal information to third parties. This could be in order to perform our duties, or it may be in order for an individual to receive services from other service providers. Examples of such third party disclosure include:
    • Other health support agencies;
    • Other professional services e.g. legal services, accounting services etc.;
    • Law enforcement agencies e.g. the police;
    • Service providers e.g. printers; and
    • Researchers.
    These third parties will have access to personal information to the extent needed to perform their functions or as required by law but may not use it for other purposes.
  2. There may be circumstances when we are obliged to disclose personal information about an individual without their consent. Such circumstances include:
    • When we are required to by law;
    • When a minor is perceived to be at risk;
    • When it’s in the interests of public health or safety; and
    • When it’s in the interests of personal health or safety.
  3. Should an individual have a guardian appointed to care for their affairs, it may be necessary for us to disclose their personal information to this person.

PERSONAL INFORMATION STORAGE

  1. In keeping with APP 11, BGF takes all reasonable steps to protect personal information in its possession from misuse, interference and loss, and from unauthorised access, modification or disclosure.
  2. Clients’ personal information is stored in both hard copy format and electronically. Storage is managed via our Records Management Policy and Procedures.
  3. Hard copies of clients’ files are created, maintained and stored on site within BGF’s main offices in Devonshire Street, Sydney NSW. Files are housed within a lockable compactus in an area where access is limited to staff and volunteers.
  4. Archived files of lapsed and deceased clients are stored offsite for up to 7 years as required by Storage is undertaken by a third party provider who is compliant with the Australian Privacy Principles.
  5. Electronic data storage is via BGF’s password-protected relational database. A daily (nightly) back-up of electronically written data is performed and sent offsite as part of BGF’s Disaster Recovery Plan.
  6. All decommissioned servers and hardware including PCs are sent offsite to a recycling centre for destruction/recycling. They contain no data when dispatched offsite.
  7. Personal information remains attached to an electronic file record until such time as the record is deleted (on request) or upon our purging the database after 7 years of ongoing inactivity.
  8. Donors’ personal information is stored both in hard copy format and electronically. Storage is managed via our Records Management Policy and Procedures.
  9. Hard copies of personal information encompass establishing a donor relationship with BGF. Such documents are stored on-site for up to 7 years, being the statutory requirement.
  10. Electronic storage of donor information occurs on Raiser’s Edge, an electronic donor database that is operated in-house.
  11. Electronic records written to Raiser’s Edge daily are backed up each night and stored offsite as part of BGF’s Disaster Recovery Plan.
  12. Should an individual become aware of any misuse, interference or loss of personal information, or unauthorised access to their personal information, they should notify us at their earliest opportunity.

YOUR PERSONAL FINANCIAL INFORMATION

  1. Any credit card or debit card numbers, expiry dates and CCVs we receive in the course of receiving a donation to BGF are processed using SSL certificates via a third-party financial services provider. SSL (Secure Sockets Layer) technology is the current industry standard for processing online payments, and as such, precludes any unlawful third party from unauthorised access to this information.
  2. On our servers, this data remains encrypted, and thus inaccessible to all except authorised BGF staff.
  3. Personal financial information received from clients is stored both in hard copy format within the client’s file, and electronically attached to the client record within the client database.

ACCESSING PERSONAL INFORMATION

  1. Individuals have the right to access the personal information we retain about them, subject to certain legal exceptions. Should they wish to gain access to this information, we require that they apply in writing, following our guidelines specifying what information they wish to receive, and why.
  2. Where we choose not to allow access to the information we hold about an individual, we are obliged to explain the reason/s why.
  3. Should we become aware of any unauthorised access to an individual’s personal information, we will contact them at our earliest opportunity, subsequent to our having investigated when and how the unauthorised access took place, and what information was accessed.

UPDATING PERSONAL INFORMATION

  1. Individuals may request that BGF update, modify or delete any personal information that we currently hold on them.
  2. Before proceeding with the request we will ensure that their identity is verified.
  3. Where we believe the information we hold is inaccurate or out-of-date, we have the right to correct it.
  4. To request access to their personal information, or to request an update to their personal information, an individual may contact us in a number of ways:
    • By mail to BGF, PO Box 1444, Strawberry Hills, NSW 2012
    • By email to bgf@bgf.org.au
    • By telephone at 02 9283 8666
    • By fax to 02 9283 8732
    • Online at bgf.org.au

COMPLAINTS ABOUT BGF’S HANDLING OF PERSONAL INFORMATION AND BGF’S PRIVACY POLICY

  1. BGF operates a Privacy Complaint Handling process (mechanism) that guides the approach to take should an individual have any questions or complaints.
  2. Individuals should refer to the attached guidelines when lodging a complaint.

ACCESSING BGF’S PRIVACY POLICY

  1. A copy of our Privacy Policy is available upon request. Alternatively, you can download a copy of our Privacy Policy from the BGF website (bgf.org.au).
  2. From time to time, we will review this policy and make amendments. These amendments will be reflected in the latest version of our policy.

Attachments

  1. The request MUST be made in writing to BGF.
  2. The request must state the name and address of the individual making the request.
  3. The specific health information to which access is being sought must be sufficiently identified.
  4. The form (manner) in which the individual wishes to receive the information must be provided (under the HRIPA provisions).
  5. Receipt of the request will be acknowledged within 3 working days of our receiving it, and BGF must respond to the request within 45 days of receiving it.
  6. BGF must be reasonably satisfied of the person’s authority to access the information and can therefore request evidence of their identity.
  7. Where a request is made to view or inspect what data is held on the system about the individual, an appointment will need to be made.
  8. Where the request is for information to be corrected, updated or deleted, the individual should state clearly what piece or pieces of information are affected, and what the proposed changes are.
  9. BGF does not provide online access to view or update client data.

Address all requests in writing to:
Bobby Goldsmith Foundation
PO Box 1444
Strawberry Hills NSW 2012
Or email bgf@bgf.org.au

For support or to ask any questions about accessing your personal information, call 02 9283 8666 during normal business hours, Monday to Friday.

  1. A complaint MUST be made in writing to BGF.
  2. Receipt of the complaint should be acknowledged within 3 working days of our receiving it.
  3. The complaint should be given to the Manager of the relevant business area to which the complaint pertains.
  4. The Manager will assess the complaint and, if necessary, investigate the circumstances surrounding it.
  5. Following discussions with the CEO, a written response will be sent to the individual, usually within 10 working days of receipt of the original complaint.
  6. If the response is considered unsatisfactory in any way, the individual may approach the Office of the Australian Information Commissioner to request independent arbitration or conciliation.

Address all complaints in writing to:
Bobby Goldsmith Foundation
PO Box 1444
Strawberry Hills NSW 2012
Or email bgf@bgf.org.au

For support or should you have any questions about BGF’s Privacy Complaint Handling Process, call 02 9283 8666 during normal business hours, Monday to Friday.

  Date Implemented: February 2018
  Date Amended: December 2024
  Scheduled review date: December 2026