Privacy Policy

We may change or update our Privacy Policy from time to time. If we do, we will post the amended or updated version on our website. We encourage you to visit our website regularly so that you are familiar with the most recent version. Any updates or changes will apply from the time they are posted on our website.

Application

This policy applies to all staff, volunteers, contractors, students, customers and their families.

Responsibility: Responsibility: Responsibility:

Policy

1. Collection of your personal information

1.1 What kind of personal information do we collect and hold?

a. The amount and type of personal information we collect from you and hold about you will vary depending on how you deal with us.

b. If you are a member or supporter of Scope Group,the personal information that we hold about you may include:

c. If you are a person we support or are connected to a person we support (eg family member, carer, advocate or nominated representative), the personal information that we hold about you may include:

d. If you are an employee, job applicant or volunteer, the personal information we hold about you may include:

e. If you are a donor, or a corporate partner, or are connected with us through our fundraising, marketing or community access activities, the personal information we hold about you may include:

f. If you use our websites, the personal information we hold about you may include:

g. If you do not fall into one of these categories, we generally do not hold your personal information.

1.2 Do we collect sensitive information?

a. We understand that protecting your privacy in relation to sensitive information is particularly important.

b. To provide our services or to respond to inquiries about our services, we may be required to collect and hold your sensitive information including health and medical information and information relating to your disability and support requirements where you have consented to provide such information.

c. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request.

d. We will limit the collection of sensitive information to the minimum amount required in the circumstances to provide you with, or a person with whom you are connected with, our services.

1.3 Your health information

a. The privacy and security of your health information is a key priority for us.

b. When we collect and store your health information, we will ensure:

1.4 How do we collect personal information?

a. We may collect personal information from you in a range of ways including:

b. Where possible, we will collect your personal information directly from you or your nominated representatives. However, there may be circumstances in which we need to collect your information from other people or organisations.

c. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we have collected your personal information.

d. If you have provided us with information about another person, then you need to tell that other person that you have done so, that they have a right to access their information and that they can refer to the Privacy Policy for information on how Scope Group will handle their personal information.

1.5 Unsolicited personal information

a. Sometimes we may receive personal information that we did not request. This is known as unsolicited personal information.

b. If the information is such that we could have lawfully collected it for an allowed purpose (see Section 2 below), then we will deal with the information in the same way as solicited information.

c. If the information is such that we could not have lawfully collected it, we will destroy or de- identify it as soon as practicable if it is lawful and reasonable to do so.

d. Personal information provided to us that is additional to the information that we requested will be treated as unsolicited personal information. For example, if an individual completes an application form but attaches financial records that we did not ask for, these are treated as unsolicited personal information.

1.6 If you do not provide us with your personal information.

a. If you do not provide us with the personal information we reasonably request, we may be unable to provide you with the information, services or supports that you are requesting.

2. Use of your personal information

2.1 Why does Scope Group need your personal information?

a. The purposes for which we collect, hold, use, or disclose your personal information depends on how you deal with our organisation.

b. If you are a member or supporter of Scope Group, we may collect, hold, use, and disclose your personal information to:

c. If you are a person we support or are connected to a person we support (eg, family member, advocate or nominated representative), we may collect, hold, use, or disclose your personal information to:

d. Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are at the end of this Privacy Policy.

e. If you are an employee, job applicant or volunteer, we may collect, hold, use, or disclose your information to:

f. If you are a donor, or a corporate partner, or are connected with us through our fundraising, marketing or community access activities we may collect, hold, use, or disclose your information to:

g. Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are set out in Section 5.1 of this Privacy Policy.

h. If you use our websites, we may collect, hold, use, or disclose your information to:

i. We may use your personal information for the purposes we collect it for. We may also use it for purposes related to (or in the case of health or sensitive information, directly related to) the purpose of collection where you would reasonably expect us to. For example, if we have collected your personal information in connection with one fundraising appeal, we may use that information to contact you about future appeals.

2.2 Direct marketing, support communications, and invitations to participate in research

a. Where we use your personal information that we have collected directly from you to send you marketing material, supporter communications, and invitations to participate in research by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information.

b. By electing not to opt-out, we will assume we have your consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to activate.

c. If you do not wish to receive direct marketing communications or research invitations from us, please contact us. Our contact details are in Section 5.1 of this Privacy Policy.

2.3 Who does Scope Group disclose your information to?

a. In order to operate an efficient and sustainable organisation and to enable us to carry out our activities and provide our services and supports, we may be required to disclose your personal information to third parties. This may include disclosure to:

b. In the event of unauthorised access, unauthorised disclosure or loss of your personal information, we will investigate and may notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.

c. We take reasonable steps to make sure that external organisations will protect the privacy of your personal information, in accordance with this Privacy Policy.

d. We will not sell your personal information.

2.4 Will your personal information be transferred offshore?

a. Our technology infrastructure primarily uses cloud infrastructure or servers located within Australia, but we may on occasion use a platform or service located offshore. Apart from this, we do not typically transfer personal information offshore. By providing your personal information to us or using our services and supports, you are taken to have consented to this transfer.

b. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request.

c. If we transfer information offshore for other purposes, we will only do so with your consent or otherwise in accordance with Australian law.

d. Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, we will take steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law.

e. If you have any queries or objections to such disclosures, please contact us via the details set out in Section 5.1.

2.5 How do we store personal information and for how long?

a. We take all reasonable steps to ensure that your personal information is securely stored and protected. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions to buildings where information is held. In addition, access to your personal information is restricted to those properly authorised to have access.

b. Unfortunately, there are inherent risks in the management of personal information, and we cannot and do not guarantee that unauthorised access to your personal information will not occur.

c. We keep your personal information for as long as it is needed for the purposes for which it was collected and to comply with legal requirements.

d. There may be instances where some personal information about you is collected on a mobile device that is not owned by Scope Group (eg. photographs taken on a staff member’s personal mobile phone while out doing an activity). In such instances, Scope will reinforce to all staff the importance of removing the information or images from the personal device as soon as the content has been transferred into Scope’s systems for appropriate management.

e. When personal information we hold is no longer needed for any purpose, including legal purposes, and subject to our legal obligations, our information management policy and data retention schedule, we will take reasonable steps to destroy or alter that information so that it no longer identifies you.

f. In relation to health information, we take reasonable steps to destroy or permanently de-identify health information if it is no longer needed for the purpose for which it was collected or any other purpose authorised by the Health Records Act, the regulations made under the Health Records Act, or any other law.

3. Accessing and Correcting Your Personal Information

3.1 How can we keep your personal information up to date?

a. We take steps as are reasonable in the circumstances to correct personal information we hold. If any changes to your personal information are required, please let us know by contacting us using the details set out below in Section 5.1.

3.2 Can you access your personal information?

a. You can ask us for access to the personal information that we hold about you at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request. For security reasons we may ask you to put your request in writing.

b. We will not typically charge you for access to your personal information.

c. Generally (but subject to Australian law), we will provide you with access to your personal information within a reasonable time and in the manner requested by you. However, there may be some circumstances when this is not possible, including where:

d. If we do not provide you with access to all of your personal information, we will tell you the reason why we have not done so.

4. Your Privacy Online

4.1 Online data collection and use

a. When you access a Scope Group website, anonymous technical information may be collected about user activities on the website, including via Google Analytics. This may include information such as the type of browser used to access the website, the pages visited, and geographical location.

b. This information is used by Scope Group to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to personal identification details.

4.2 Cookies

a. Like many websites, Scope Group’s websites may use cookies for various reasons, including to recognise a computer which has previously visited our websites and customise our websites according to previous preferences and site behaviour.

b. You can choose if and how a cookie will be accepted by configuring your preferences and options in your web browser. For example, you can set your browser to notify you when you receive a cookie or to reject cookies. However, if you decide not to accept cookies, then you may not be able to gain access to all the content and functionality of Scope Group’s websites.

4.3 How we handle email and ‘contact us’ messages

a. We may keep the content of any email, or “Contact us” or other electronic message or form, that we receive. The message content may be monitored by our service providers or staff for purposes including trouble shooting, compliance, auditing and maintenance, or where email abuse is suspected. Personal information will be handled in accordance with this Privacy Policy.

5. Contact Us

5.1 Contact details

a. If you have any questions in relation to privacy, please contact Scope Group’s Privacy Officer at [email protected].

b. You can also seek further information and advice from the Office of the Australian Information Commissioner by calling 1300 363 992.

6. Privacy Complaints

a. Please direct all privacy complaints to Scope Group using the contact details set out above at Section 5.1.

b. At all times, privacy complaints:

c. Scope Group will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.