Your privacy is important
This statement outlines the AFRF’s policy on how the AFRF uses and manages personal information provided to the AFRF or collected by it.
The AFRF is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
What kind of personal information does the AFRF collect and how does the AFRF collect it?
The type of information the AFRF collects and holds includes (but is not limited to) personal information, including sensitive information, about:
- A member’s name and address.
- A member’s contact details (phone numbers, email addresses).
- A member’s financial history in respect of membership.
- The member organisation a person is the representative of, if applicable
Participants in our courses and events:
- Name, address and contact information
- Relevant personal information to the conduct of the course or event:
- emergency first responder background
- emergency contact details (eg partner contact details)
- dietary requirements (if applicable)
- Medications or advice for safety – eg COVID Vaccination status.
- De-identified data as feedback on the effectiveness of the course or event, and responses to validated scientific survey/ questionaires to gauge change in the participants.
- Name, address and contact information.
Personal Information you provide:
The AFRF will generally collect personal information held about an individual by way of an online application form for members, or by way of online forms or paper forms in the case of participants and donors. Participants in AFRF courses will need to provide some data to enable the course to be managed and conducted safely. In addition there may be some data gathered to measure the success of the course. This data will be held a treated in de-identified form and used to assess and report on the participants to gauge the changes that the course or event had upon them.
Generally, you do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Personal Information provided by other people:
In some circumstances the AFRF may be provided with personal information about an individual from a third party. At this time, the AFRF has not and does not foresee circumstances where it will seek such information held by a third party. It may interrogate publicly available data sources to confirm or extend the data it holds – eg confirming, via ASIC Registers, that a person may serve on the Board of the AFRF, or that an auditor is a qualified company auditor.
In relation to employee records:
However, the AFRF must provide access and ensure compliance with the Health Privacy Principles under the appropriate State Health Records Act in which the individual is a resident.
Note: The AFRF owes obligations of confidentiality to employees, contractors, and volunteers. Privacy obligations extend to contractors’ and volunteers’ records, as they are not caught by the employee records exemption. Any job applicants are also excluded from the employee records’ exemption.
How will the AFRF use the personal information you provide?
The AFRF will use personal information it collects from you for the primary purpose of the collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
In relation to direct marketing, the AFRF will use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing: only then you will be sent direct marketing containing an opt out. If we use your personal information obtained from elsewhere, we will still send you direct marketing information where you have consented, and which will also contain an opt out. We will always obtain your consent to use sensitive information as the basis for any of our direct marketing.
Note: providing an opt-out does not mean other privacy obligations regarding direct marketing can be ignored. You can still only use personal information for the purposes of direct marketing if the supporter is likely to expect it. Opt-outs must be respected.
We may use video surveillance for security purposes and the footage will be used only by the AFRF and by the providers of our security services for security purposes. Surveillance videos are not used by the AFRF for other purposes and the footage is not publicly available. Surveillance cameras are not located in any bathrooms or change room facilities.
Job applicants, staff members and contractors:
In relation to personal information of job applicants, staff members and contractors, the AFRF’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the AFRF uses personal information of job applicants, staff members and contractors include:
- for insurance purposes.
- for review in consideration of further, or continued, engagement by the AFRF.
- for assessment or evaluation of capacity or suitability, for a position.
- for review in consideration of any grievance or allegation made.to satisfy the AFRF’s legal obligations.
Where the AFRF receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
The AFRF also obtains personal information about volunteers who assist the AFRF in its functions or conduct associated activities, such as to enable the AFRF and the volunteers to work together. The purposes are the same as those listed for job applicants, staff members and contractors above.
Marketing and fundraising:
The AFRF treats marketing and seeking donations for the future growth and development of the AFRF as important. Personal information held by the AFRF may be disclosed to an organisation that assists in the AFRF’s fundraising. The AFRF will require a non-disclosure agreement with any organisation assisting the AFRF in this area concerning any personal information provided by the AFRF.
Who might the AFRF disclose personal information to?
The AFRF may disclose personal information, including sensitive information, held about an individual to serve the primary purpose of the AFRF, or to comply with its legal obligations. This may mean the AFRF may disclose personal information, under these circumstances, to:
- government departments or agencies – eg under legal obligations or as a requirement under a grant.
- people providing services to the AFRF.
- anyone you authorise the AFRF to disclose information to.
Sending information overseas:
The AFRF will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The AFRF does use Microsoft cloud-based and other web-based service providers to store data and documents, however this is under non-disclosure agreements that do not permit use of the information except by the AFRF. The AFRF also uses PayPal and Square to provide secure services in financial transactions.
How does the AFRF treat sensitive information?
In referring to ‘sensitive information’, the AFRF means:
Data that describes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
In this context the AFRF may need to collect some sensitive health data and employment data in order to properly and safely manage and assess the courses it runs. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
The AFRF’s staff are required to respect the confidentiality of personal information and the privacy of individuals.
The AFRF has in place steps to protect the personal information the AFRF holds from misuse, loss, unauthorised access, modification, interference, or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.
Updating personal information
The AFRF endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by the AFRF by contacting the Privacy Officer (currently the Secretary) of the AFRF at any time.
The Australian Privacy Principles and the Health Privacy Principles require the AFRF not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored.
You have the right to check what personal information the AFRF holds about you.
Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which the AFRF holds about them and to advise the AFRF of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. To make a request to access any information the AFRF holds about you, please contact the Privacy Officer in writing.
The AFRF may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, the AFRF may charge a fee to retrieve and copy any material. If the information sought is extensive, the AFRF will advise the likely cost in advance.
Please refer to the Office Of the Australian Information Commissioner for further information.
How long will the AFRF keep my information?
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however it will be kept for marketing purposes, where you will have consented to that.
Enquiries and privacy complaints
If you would like further information about the way the AFRF manages the personal information it holds, please contact the Privacy Officer. If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the Privacy Officer who will first talk with you over the phone. If we then have not dealt satisfactorily with your concerns we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
- email: firstname.lastname@example.org
- tel: 1300 363 992
- fax: +61 2 9284 9666