The Foundation for Australia’s Most Endangered Species Ltd Privacy Policy

STAKEHOLDER PRIVACY AND CONFIDENTIALITY POLICY
Foundation for Australia's Most Endangered Species Ltd.
Approved by: FAME Board

1. Purpose
FAME recognises the important relationship between the Company and its donors, sponsors and stakeholders at large. The Company is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information.

FAME protects privacy and is compliant with the Privacy Act 1988 and the Australian Privacy Principle (APPs), subject to the provisions of the Privacy Act. The APPs govern the way in which we collect, use, disclose, store, secure and dispose of personal information.

In this policy, "personal information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. This definition comes from section 6 of the Privacy Act.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au
Stakeholders of FAME have the right to understand:

• How information is collected, stored, protected, disclosed and destroyed
• How stakeholders can gain access to their own personal information and seek any correction.
• How to complain or enquire about the collection, handling, use or disclosure of personal information and how that complaint or inquiry will be handled.
• FAME will comply with the data breach provision in the Privacy Act (Part IIIC – Notification of eligible data breaches), to minimise the occurrence of a breach. Should a breach occur, the breach is identified and dealt with in accordance with the Privacy Act, as amended.

2. What is personal information?
Personal information is information or an opinion that identifies an individual. Examples of personal information we collect include names, addresses, email addresses and telephone numbers.

3. Why do we collect it?
FAME collects information from stakeholders for a variety of reasons in order to be able to carry out the functions and delivery of services. Information is often collected for the primary purpose of:
• seeking donations
• providing information about our activities
• managing our conservation work
• our recruitment, corporate, administrative and other functions
• direct marketing

We generally collect personal information directly from individuals, for example, where you contact us and ask to become a supporter or member, make a donation, or otherwise interact with us.

We collect banking or credit card details if you want to make payments (e.g. donations, membership fees).

Personal information is obtained in many ways including interviews, by email, correspondence, donation forms, by telephone, via our website ww.fame.org.au, from your website, from media and publications, from other publicly available sources, from cookies on our website and from third parties. We don’t guarantee the privacy security of website links or policy of authorised third parties.

4. What information do we collect?
FAME is required to collect information in order to carry out the business and operations of the Foundation. FAME acknowledges the importance of understanding the purpose for which information is collected. Some or all of the following types of information is required in conducting the business of the Foundation.

We collect personal information for the primary purpose of providing our services to you, providing information to our stakeholders as well as for marketing purposes. We may also use your personal information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing or using the unsubscribe link in email.

5. Dealing with unsolicited personal information
If FAME receives unsolicited personal information then we must, within a reasonable period after receiving the information, determine whether or not we could have collected the information under APPs. If we do not require the information, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

6. How is information collected?
Whenever possible, information is collected directly from the relevant person, and preferably only from you. In addition, we may collect information from other associated organisations or individuals who can provide the required information. FAME uses standardised tools and forms that enable streamlined information gathering.

When we collect personal information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Information is often provided to or collected by FAME in the following formats: hard copy forms, email, letters, notes, over the telephone and during face to face meetings.

7. Sensitive information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, date of birth, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, court orders or health information.

Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
8. Third parties
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

9. How is personal information used?
Personal information is collected in order to assist FAME carry out our primary work. Information is collected and used for purposes such as:

• Fundraising activities
• Informing people of activities and programs
• Marketing and promotional activities
• Business improvements: training, service development, planning, research and statistics
• Administration

10. Security of personal information
Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. This may include, but not limited to, secure online portals, databases, hard copy files, electronic devices, mobile phones (such as emails or text messages) or on cameras.

The security of personal information is one of the highest priorities for FAME and as such every effort will be made to ensure personal information is secure, not misused, lost, changed, or disclosed without consent.

Security procedures
• Access to personal information is restricted on a need to know basis. Only management and support staff have access to personal information stored on FAME’s database system. Administration staff have controlled access to relevant data only.
• Physical security systems such as locked office doors, locked cabinets, and electronic security systems are in place to secure any hard copy information kept on site. Only authorised staff members have access to the offices.
• Staff ensure that desktops are clear of any confidential information while visitors are in the offices.

• FAME aims to keep hard copy information to a minimum. All hard copy information is loaded into the secured online system and hard copy documents containing personal information are:

o Disposed of securely, where there is no legal requirement for the documents to be retained; or

o Secured for a period of 7 years, if there is a legal requirement for the documents to be retained. If no longer required after that time they are disposed of in a secure manner, or de-identified if in relation to data.

• Staff are aware they are unauthorised to share passwords.

• Appropriate policies and procedures are in place to ensure staff follow correct protocols in relation to emails, internet and confidentiality when handling personal information.

• Appropriate due diligence will be carried out in relation to third party service providers who may have access to personal information to ensure, as far as practicable, that they are compliant with the APPs. In these instances, third party service providers are required to sign Confidentiality Agreements.

11. Disclosure of personal information
Your personal information may be disclosed to others in the following circumstances:
• Third parties where you consent to the use or disclosure;
• Where required or authorised by law; and
• Disclosure is necessary for a law enforcement related activity.

12. Your access to personal information we hold
You may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing. FAME will respond within a timely manner (i.e. one calendar month).

You will be notified, if FAME does not agree to provide you access or to amend the information as requested. If appropriate, you will be notified of the reason for this decision. If you request a change to information, and that request has been denied, then you may make a statement about the requested change and FAME will attach this note to the relevant record.

FAME will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information.
In order to protect your personal information, we will require identification from you before releasing requested information.

13. Maintaining the quality of personal information
It is important to us that your personal information is up to date. We will take reasonable steps to make sure that your personal information is accurate, complete, and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

14. Security breaches of personal information
The CEO is to be informed immediately, if FAME is alerted to a possible or actual security breach of personal information. If the CEO is unavailable, staff members will immediately inform the Chair or an available Board member.

The CEO and Board will take steps to minimise the extent of the breach and will notify the stakeholder/s or external organisation/s to whom the information relates as soon as possible.

15. Data reporting
FAME collects data and makes regular reports to funders and broader stakeholders. All data provided in such reports is de-identified in order to protect the identity, privacy and confidentiality of individuals.

16. Consent to use images
FAME will obtain consent for any images of individuals taken for promotional purposes. We will use consent forms that contain detail about the purposes for which the photograph or video/DVD footage will be used.

In some circumstances it can be difficult to gain consent. In cases where it is intended to take photographs or video footage at a large event, services we will give notice to people attending the function that photographs or video footage will be taken and used for specified purposes. Giving notice demonstrates respect for individual privacy and allows an attendee to make arrangements if they are sensitive to the use of their image.

Special care is taken in the publication of photographs or video/DVD images of children. Prior to publication, the consent of the child’s parent or legal guardian will be gained in relation to photographs or video/DVD footage of persons under the age of eighteen.

17. Complaints in relation to privacy
If you wish to make a privacy complaint to FAME, the complaint may be made in person, in writing via letter or email, or by telephone. Complaints are to be directed to the CEO.

The complaint will be responded to within a reasonable time frame (no longer than 30 days) and FAME may require further information in order to provide a full and complete response.

18. More Information
For more information about this policy please contact the CEO of FAME by telephone on +61 8 8374 1744 or email tracy.mcnamara@fame.org.au.

19. Responsibility
CEO

20. Review of Policy
This policy is updated regularly. To ensure you are reading the most current version, please access FAME’s website: www.fame.org.au.

21. Policy History
Revisions to Policy
Revision No 1: November 2020
Revision No 2: September 2021

TRAIL SOFTWARE, INC. PRIVACY POLICY

This Privacy Policy (this “Privacy Policy”) describes Trail Software’s (d/b/a Kindful) (“Trail Software”, “Kindful,” “we,” “us,” or” “our”) collection, use, and disclosure of “personal information” that may be collected by Kindful anytime you (“you” or “user”) visit our website, [https://www.kindful.com] (this “Site”). “Personal information” means information about an identifiable individual who can be directly or indirectly identified, which does not include information of an aggregate or anonymous nature where a specific individual or individuals cannot be identified.

BY SUBMITTING YOUR INFORMATION THROUGH THIS SITE, YOU CONSENT TO THIS PRIVACY POLICY AND TO KINDFUL’S) COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION ACCORDING TO THE TERMS OF THIS PRIVACY POLICY. THIS SITE IS A GENERAL AUDIENCE SITE AND DOES NOT KNOWINGLY COLLECT PERSONAL INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE. IF YOU ARE UNDER 13 YEARS OF AGE, YOU ARE NOT PERMITTED TO USE THIS SITE.

This Privacy Policy is applicable only to this Site and does not apply to any third party websites or to other companies or persons. This Site may contain links to, and media and other content from, other sites. Because of the dynamic media capabilities of this Site, it may not be clear to you which links are embedded in this Site and which are embedded in third-party media or content. Kindful cannot and does not guarantee the privacy policies and practices of any third party. Kindful does not control, operate, or endorse any information, products, or services of any third-party websites that may be reached through links from this Site. The use of any personal information provided by you to such third party will be governed by that party’s privacy policy. If you are unsure whether a website is controlled, affiliated, or managed by Kindful, you should review the privacy policy at each linked website to determine how that site treats your personal information.

TRAIL SOFTWARE MAY CHANGE THIS PRIVACY POLICY FROM TIME TO TIME. THE REVISED POLICY WILL BE POSTED ON THIS SITE. Your continued use of this Site after Kindful posts a revised Privacy Policy signifies your acceptance of the revised Privacy Policy and your consent to Kindful’s collection, use, and disclosure of your personal information according to the terms of the updated Privacy Policy. It is therefore important that you review this Privacy Policy regularly to ensure you are updated as to any changes. This Privacy Policy was last revised on July 1, 2019.

Information we collect and how we may use it

If you are a customer of Kindful, we collect certain information about you in order to provide you with our donor management system and/or online payment service (the “Service”). When you register for the Service we will request some personal information such as your name and email address, and information about your organization such as the name of your organization, Tax ID, mailing address, and tax designation. Furthermore, if you are opening a merchant account, Kindful may also obtain information about you from third party sources, including, without limitation, consumer reporting agencies. This information is used to contact you about the services on our Site for which you have expressed an interest. As part of the Service, we may also collect donor information on behalf of your organization. Except as may be expressly set forth herein, we will not use any donor information collected on your behalf for any purpose other than to provide the Service. Any tax or financial information we collect is used only to bill you for the Service. If you purchase the Service by credit card, this information will be transmitted to our credit card merchant account provider, and may be forwarded to your credit card provider. We do not store credit card information.

If you are a donor for a Kindful customer, we collect certain information from you in order to process your donation (“Donor Information”). Kindful will use Donor Information during the course of providing the Service to such Kindful customer. Kindful may also use Donor Information at an aggregate level for internal business analyses and fraud prevention. During the course of providing the Service to Kindful customers, Kindful may disclose Donor Information to banks, processors, card associations, and other financial institutions that are involved in the course of processing or screening the transaction applicable to the Donor Information.

We may use personal information for internal purposes to provide you with other products and services, or to contact you regarding administrative notices or communications relevant to you on this Site. In addition, we may use personal information to provide or improve products or services that you have requested.

Please note that personal information does not include “aggregate” information, which is data we collect about a group or category of users, from which individual identities or other personal information has been removed. This Privacy Policy in no way restricts or limits our collection, use, or our ability to sell such aggregate information.

Additional Limits on Use of Google User Data: Notwithstanding anything else in this Privacy Policy, the following types of your Google data will be subject to these additional restrictions:

  • We will only use access to read Gmail message bodies (including attachments), metadata, headers, and settings to display emails to authorized users of Kindful and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

  • We will not use this Gmail data for serving advertisements.

  • We will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations and even then only when the data have been aggregated and anonymized.

When we disclose your information

Kindful takes your privacy very seriously. The information we collect is used to provide the Service, and, in general, is not shared with or sold to other organizations for commercial purposes. However, there are times when it may be advantageous for Kindful to make certain personal information about you available to companies that Kindful has a strategic relationship with or that perform work for Kindful to provide products and services to you on our behalf. These companies may help us process information, deliver products or services to you, provide customer service, manage and enhance user data, assess your interest in our products and services, or conduct user research or satisfaction surveys. We may also disclose your personal information, if you have authorized us to act on your behalf to initiate the creation of a merchant account for the purpose of accepting donations by credit card.

At times we may be required by law or litigation to disclose your personal information. We may also disclose information about you if we determine that for national security, law enforcement, or other issues of public importance, disclosure is necessary.

In addition, Kindful may sell, transfer or otherwise share some or all of its assets in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy. In such an event, personal information may be one of the assets transferred.

How we protect your personal information

Kindful takes precautions to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission that can be guaranteed against any interception or other type of misuse.

You can help us by also taking precautions to protect your personal data when you are on the internet. Do not share your registration information with anyone, and make sure you use a secure web browser.

Accessing your information

This Site may contain web pages through which you can correct or update some of the personal information you have provided to us. Kindful will make a good faith effort to make requested changes and correct your data if it is inaccurate or delete the data if we are not required to retain it by law or for legitimate purposes.

Cookies and other technologies

To make this Site more useful to you, we automatically gather general statistical information about this Site and its visitors, such as IP addresses (and information tied to IP addresses, such as screen size, color depth, language, java enabling, flash version, page title, host name, referring source, and page path), browsers, pages viewed, number of visitors, services purchased, etc. In doing so, we do not reference you by name, email, mailing address, or any similar personal information. We use this data in the aggregate to learn about our visitors and to improve our ability to cater to their needs. We may use third party vendors to gather general statistical information about this Site and its visitors as well as to perform certain services on behalf of this Site, such as hosting this Site, designing or operating this Site’s features, or performing other administrative services. We may provide these companies with access to your personal information to carry out the services they are performing for you or for Kindful.

As part of our service, we also use cookies to store and sometimes track information about you. A “cookie” is a small amount of data that is sent to your browser from a web server and stored on your computer’s hard drive. Generally, we use cookies to remind us who you are, to give you easier access to repeatedly used account information, to gather statistical information about usage, to research visiting patterns, and to help target advertisements based on user interests. In some instances, our partners and advertisers appearing at this Site may use their own cookies. Your web browser settings, which you may change at any time, determine if and how a cookie will be accepted. By changing those settings, you can accept all cookies, be notified when a cookie is set, or simply reject all cookies. If you decide to reject all cookies, please be aware that you may be required to re-enter your information more often and certain features of this Site may be unavailable to you.

Your California Privacy Rights

Residents of the State of California, under a provision of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes. Alternatively, the law provides that if the company has a privacy policy that gives either an Opt-out or Opt-in choice for use of your personal information by third parties (such as advertisers) for marketing purposes, the company may instead provide you with information on how to exercise your disclosure choice options.

Kindful qualifies for the alternative option; it has a comprehensive privacy policy and provides you with details on how you may either Opt-out or Opt-in to the use of your personal information by third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of the third parties that received your personal information for marketing purposes during the preceding year.

If you are a California resident and request information about how to exercise your third party disclosure choices you must send a request to support@kindful.com.