The Foundation for Australia’s Most Endangered Species Ltd Privacy Policy

STAKEHOLDER PRIVACY AND CONFIDENTIALITY POLICY
Foundation for Australia's Most Endangered Species Ltd.
Approved by: FAME Board

1. Purpose
FAME recognises the important relationship between the Company and its donors, sponsors and stakeholders at large. The Company is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information.

FAME protects privacy and is compliant with the Privacy Act 1988 and the Australian Privacy Principle (APPs), subject to the provisions of the Privacy Act. The APPs govern the way in which we collect, use, disclose, store, secure and dispose of personal information.

In this policy, "personal information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. This definition comes from section 6 of the Privacy Act.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au
Stakeholders of FAME have the right to understand:

• How information is collected, stored, protected, disclosed and destroyed
• How stakeholders can gain access to their own personal information and seek any correction.
• How to complain or enquire about the collection, handling, use or disclosure of personal information and how that complaint or inquiry will be handled.
• FAME will comply with the data breach provision in the Privacy Act (Part IIIC – Notification of eligible data breaches), to minimise the occurrence of a breach. Should a breach occur, the breach is identified and dealt with in accordance with the Privacy Act, as amended.

2. What is personal information?
Personal information is information or an opinion that identifies an individual. Examples of personal information we collect include names, addresses, email addresses and telephone numbers.

3. Why do we collect it?
FAME collects information from stakeholders for a variety of reasons in order to be able to carry out the functions and delivery of services. Information is often collected for the primary purpose of:
• seeking donations
• providing information about our activities
• managing our conservation work
• our recruitment, corporate, administrative and other functions
• direct marketing

We generally collect personal information directly from individuals, for example, where you contact us and ask to become a supporter or member, make a donation, or otherwise interact with us.

We collect banking or credit card details if you want to make payments (e.g. donations, membership fees).

Personal information is obtained in many ways including interviews, by email, correspondence, donation forms, by telephone, via our website ww.fame.org.au, from your website, from media and publications, from other publicly available sources, from cookies on our website and from third parties. We don’t guarantee the privacy security of website links or policy of authorised third parties.

4. What information do we collect?
FAME is required to collect information in order to carry out the business and operations of the Foundation. FAME acknowledges the importance of understanding the purpose for which information is collected. Some or all of the following types of information is required in conducting the business of the Foundation.

We collect personal information for the primary purpose of providing our services to you, providing information to our stakeholders as well as for marketing purposes. We may also use your personal information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing or using the unsubscribe link in email.

5. Dealing with unsolicited personal information
If FAME receives unsolicited personal information then we must, within a reasonable period after receiving the information, determine whether or not we could have collected the information under APPs. If we do not require the information, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

6. How is information collected?
Whenever possible, information is collected directly from the relevant person, and preferably only from you. In addition, we may collect information from other associated organisations or individuals who can provide the required information. FAME uses standardised tools and forms that enable streamlined information gathering.

When we collect personal information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Information is often provided to or collected by FAME in the following formats: hard copy forms, email, letters, notes, over the telephone and during face to face meetings.

7. Sensitive information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, date of birth, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, court orders or health information.

Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
8. Third parties
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

9. How is personal information used?
Personal information is collected in order to assist FAME carry out our primary work. Information is collected and used for purposes such as:

• Fundraising activities
• Informing people of activities and programs
• Marketing and promotional activities
• Business improvements: training, service development, planning, research and statistics
• Administration

10. Security of personal information
Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. This may include, but not limited to, secure online portals, databases, hard copy files, electronic devices, mobile phones (such as emails or text messages) or on cameras.

The security of personal information is one of the highest priorities for FAME and as such every effort will be made to ensure personal information is secure, not misused, lost, changed, or disclosed without consent.

Security procedures
• Access to personal information is restricted on a need to know basis. Only management and support staff have access to personal information stored on FAME’s database system. Administration staff have controlled access to relevant data only.
• Physical security systems such as locked office doors, locked cabinets, and electronic security systems are in place to secure any hard copy information kept on site. Only authorised staff members have access to the offices.
• Staff ensure that desktops are clear of any confidential information while visitors are in the offices.

• FAME aims to keep hard copy information to a minimum. All hard copy information is loaded into the secured online system and hard copy documents containing personal information are:

o Disposed of securely, where there is no legal requirement for the documents to be retained; or

o Secured for a period of 7 years, if there is a legal requirement for the documents to be retained. If no longer required after that time they are disposed of in a secure manner, or de-identified if in relation to data.

• Staff are aware they are unauthorised to share passwords.

• Appropriate policies and procedures are in place to ensure staff follow correct protocols in relation to emails, internet and confidentiality when handling personal information.

• Appropriate due diligence will be carried out in relation to third party service providers who may have access to personal information to ensure, as far as practicable, that they are compliant with the APPs. In these instances, third party service providers are required to sign Confidentiality Agreements.

11. Disclosure of personal information
Your personal information may be disclosed to others in the following circumstances:
• Third parties where you consent to the use or disclosure;
• Where required or authorised by law; and
• Disclosure is necessary for a law enforcement related activity.

12. Your access to personal information we hold
You may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing. FAME will respond within a timely manner (i.e. one calendar month).

You will be notified, if FAME does not agree to provide you access or to amend the information as requested. If appropriate, you will be notified of the reason for this decision. If you request a change to information, and that request has been denied, then you may make a statement about the requested change and FAME will attach this note to the relevant record.

FAME will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information.
In order to protect your personal information, we will require identification from you before releasing requested information.

13. Maintaining the quality of personal information
It is important to us that your personal information is up to date. We will take reasonable steps to make sure that your personal information is accurate, complete, and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

14. Security breaches of personal information
The CEO is to be informed immediately, if FAME is alerted to a possible or actual security breach of personal information. If the CEO is unavailable, staff members will immediately inform the Chair or an available Board member.

The CEO and Board will take steps to minimise the extent of the breach and will notify the stakeholder/s or external organisation/s to whom the information relates as soon as possible.

15. Data reporting
FAME collects data and makes regular reports to funders and broader stakeholders. All data provided in such reports is de-identified in order to protect the identity, privacy and confidentiality of individuals.

16. Consent to use images
FAME will obtain consent for any images of individuals taken for promotional purposes. We will use consent forms that contain detail about the purposes for which the photograph or video/DVD footage will be used.

In some circumstances it can be difficult to gain consent. In cases where it is intended to take photographs or video footage at a large event, services we will give notice to people attending the function that photographs or video footage will be taken and used for specified purposes. Giving notice demonstrates respect for individual privacy and allows an attendee to make arrangements if they are sensitive to the use of their image.

Special care is taken in the publication of photographs or video/DVD images of children. Prior to publication, the consent of the child’s parent or legal guardian will be gained in relation to photographs or video/DVD footage of persons under the age of eighteen.

17. Complaints in relation to privacy
If you wish to make a privacy complaint to FAME, the complaint may be made in person, in writing via letter or email, or by telephone. Complaints are to be directed to the CEO.

The complaint will be responded to within a reasonable time frame (no longer than 30 days) and FAME may require further information in order to provide a full and complete response.

18. More Information
For more information about this policy please contact the CEO of FAME by telephone on +61 8 8374 1744 or email tracy.mcnamara@fame.org.au.

19. Responsibility
CEO

20. Review of Policy
This policy is updated regularly. To ensure you are reading the most current version, please access FAME’s website: www.fame.org.au.

21. Policy History
Revisions to Policy
Revision No 1: November 2020
Revision No 2: September 2021

Bloomerang Privacy Policy

Our full privacy policy is available at bloomerang.com/privacy-policy.