The Indigenous Literacy Foundation (ILF) is committed to protecting and respecting your privacy having regard to the Privacy Act 1988 (Cth) and other privacy legislation such as the General Data Protection Regulation (EU) 2016/679 (the GDPR).
As a result, we have implemented practices, procedures and systems in relation to privacy, to maintain the confidentiality and security of personal information and personal data we collect and hold; and manage our systems, practices and procedures in an open and transparent way.
By “personal information”, we mean information or an opinion, whether true or not, about an identified individual, or about an individual who is reasonably identifiable (including by reference to identifiers such as a name, an ID number, location data, or an online identifier), as well as “personal data” as defined under the GDPR.
This policy (as amended from time to time) sets out how we handle the personal information we collect and hold. It should be read together with any terms and conditions set out on collection channel on which you provide us with personal information.
The kind of personal information we may collect and hold depends on how you interact with us, but will primarily include:
We may also collect and hold:
We do not keep files containing all of the above information on all people who contact us, or with whom we deal. In many cases, we may have only one or two pieces of information relating to any particular person.
We collect and hold personal information for a variety of purposes – and different kinds of personal information are used for different purposes.
In each case, however, the personal information we collect and hold is reasonably necessary for our functions and activities, including in order to provide you with services you would expect from us. These purposes are:
Under the GDPR, our processing of personal information as described above is generally necessary for the performance of a contract to which you are a party. We may also process your personal information for the purposes of our legitimate interests, including running our business securely, lawfully, efficiently and safely; driving sales with effective marketing and advertising (including the use of trade promotions); and continuously improving our business using business analytics.
From time to time, when collecting information from you, we may also ask you to “opt-in” to consent to us using or disclosing your personal information other than in accordance with this policy or any applicable law. As part of our commitment to protecting your privacy, however, you will also be given the opportunity to withdraw your consent to our use of your personal information other than in accordance with this policy at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
You may also “opt-out” from receiving communications from us or from third parties that send communications to you in accordance with this policy or in accordance with any additional consent you give, and we will comply with your decision. (You will be able to “opt out”, for example, by clicking on an “unsubscribe” link at the end of an email, or by contacting our Privacy / Data Protection Officer.)
We only collect personal information by fair and lawful means, including when people:
We prefer to obtain any personal information we collect directly from you. In some cases, however – it may be unreasonable or impracticable to obtain information directly, and we may obtain that information from someone else. We may also collect information from external service providers to whom we have contracted services as well as from third parties who offer products and services to you.
If you are concerned about what information we may hold about you, please see below for information on how you can access and (if necessary) correct that information.
When you visit our website we may send your browser a cookie. A cookie is a small file placed on your computer or mobile phone's browser that helps us recognise you when you return to our website or to the app and can tell us whether or not you've visited the site before. Your browser will tell us if you have these cookies, and if you don't, we may generate new ones.
You can disable cookies from our site at any time by changing your browser settings (typically found in the “options” or “preferences” menu of your browser). Please note, however, that changing these settings may prevent areas of our website from working as intended.
We may also use third-party cookies, including Google Analytics features, Facebook Remarketing tags and tracking pixels and DoubleClick remarketing pixels. Based on your past visits to our website, these enable third-party vendors such as Google and Facebook to provide you with information about products and services that may be of interest to you as you browse the internet more generally (including information about products and services from third-parties).
For more information about cookies, including to see what cookies have been placed, how to manage and delete them, and how to opt-out of being tracked by social networks and third-party advertisers, visit these services:
We may use or disclose your personal information to promote both our products or services and those of third parties through direct marketing.
You may ask us to identify how we acquired the personal information that we use or disclose for direct marketing purposes by contacting us via the details set out at the end of this Policy.
If at any time you do not wish to receive any direct marketing communications whether from us or from third parties, you can ask us not to send you any further direct marketing communications and not to disclose your personal information to third parties for that purpose by using the “unsubscribe” facility included in a prominent statement in the direct marketing communications or by contacting us via the details set out below.
In many cases, you will need to provide your real name when interacting with us. You may however – wherever lawful and practicable – use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about any of our resources or services, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our resources or services, or we may not otherwise be able to respond adequately to you.
For clarification on when you must identify yourself, please contact our Privacy / Data Protection Officer. (You may use a pseudonym – or simply not identify yourself – when making such an enquiry.)
Generally, only our officers and staff will access your personal information, and then only on a “need to know” basis.
We may also disclose your personal information:
We only keep your personal information for as long as is necessary to provide you with the goods or services you have requested from us or for as long as we reasonably need to retain the information for our legitimate interests.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time we need to keep it.
At this stage, we do not use automated decision-making which produces legal effects which significantly affects data subjects.
Your rights and choices
As set out in more detail below, you may:
If you wish to review (and, if necessary, correct, update or erase) personal information that we may have collected and hold on you, please contact our Privacy / Data Protection Officer.
We will respond to your requests to access, correct or erase your personal information as soon as possible (but in any case, within a reasonable period).
Contact our Executive Director/ or Business Relationship & Fundraising Manager (details below) if you have a complaints about any breach of any applicable privacy principles or of any registered code that binds us. If you are located in the European Union, then you may make a complaint with a supervisory authority in your jurisdiction.
How will we deal with complaints you might have about breaches of applicable privacy legislation or any relevant registered code?
We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.
We take reasonable steps to ensure that your personal information is treated securely and in accordance with this policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, apart from using secure servers, we implement firewalls and password access and, where relevant, impose limits on who can access personal information.
While we use Secure Sockets Layer (SSL) encryption software for security, please also note that the transmission of information (including over the Internet) is never completely secure. You understand, therefore, that the transmission and storage of personal information is not necessarily wholly secure, and that the steps we take to protect your personal information, though reasonable, may not always be effective. In those circumstances, we do not accept responsibility for any misuse or loss of, or unauthorised access to, your personal information. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We hold personal information securely both in our offices and on secure servers, some of which may be located overseas. The transfer of your personal information overseas is necessary for the performance of the Terms and Conditions.
Personal information may also be processed by staff or agents operating outside Australia. Such staff or agents may be engaged in, among other things, hosting information on the cloud, processing payment details and providing support services.
We will not, however, transfer your personal information overseas to a country that is not subject to a comparable privacy scheme unless the organisation to which we disclose that information implements privacy policies comparable to the obligations that apply under Australian law.
If you have any concerns or questions about privacy issues, including how we are dealing with or holding your personal information, contact our Business Manager/ Privacy / Data Protection Officer.
Please also contact our Business Manager Privacy / Data Protection Officer if, for example: