PRIVACY POLICY
(as at 1 September 2020)


We respect your privacy

The Indigenous Literacy Foundation (ILF) is committed to protecting and respecting your privacy having regard to the Privacy Act 1988 (Cth) and other privacy legislation such as the General Data Protection Regulation (EU) 2016/679 (the GDPR).

As a result, we have implemented practices, procedures and systems in relation to privacy, to maintain the confidentiality and security of personal information and personal data we collect and hold; and manage our systems, practices and procedures in an open and transparent way.

By “personal information”, we mean information or an opinion, whether true or not, about an identified individual, or about an individual who is reasonably identifiable (including by reference to identifiers such as a name, an ID number, location data, or an online identifier), as well as “personal data” as defined under the GDPR.

This policy (as amended from time to time) sets out how we handle the personal information we collect and hold. It should be read together with any terms and conditions set out on collection channel on which you provide us with personal information.

What personal information do we collect and hold?

The kind of personal information we may collect and hold depends on how you interact with us, but will primarily include:

  • your name and contact details (including email addresses and location), and other basic information about your including your gender and age;
  • information about your preferences and relationship history with us;
  • financial details such as credit card details, bank account or PayPal details or other online payment provider details;
  • details concerning your donations, transactions, enquiries and complaints; and 
  • social media account usernames and information published on your social media account.


We may also collect and hold:

  • opinions, feedback and experiences with our products or services or the products and services of third parties including our sponsors; and
  • details of your visits to our site (including traffic and location information, which pages you visit, web-logs and other communication information). We may also collect information about your computer, including (where available) your IP address, operating system and browser type.

We do not keep files containing all of the above information on all people who contact us, or with whom we deal. In many cases, we may have only one or two pieces of information relating to any particular person.

Why do we collect, hold and disclose personal information?

We collect and hold personal information for a variety of purposes – and different kinds of personal information are used for different purposes.

In each case, however, the personal information we collect and hold is reasonably necessary for our functions and activities, including in order to provide you with services you would expect from us. These purposes are:

Providing services and managing our relationship with you and others

  • to provide you with our goods and services and goods and services of our partners, and to facilitate payments from you;

Marketing and advertising

  • to provide you with news and information, products or services that you request from us or which we reasonably believe may interest you, including from our sponsors and other trusted third parties;
  • to communicate with you (including by email, mail, telephone, social media or other emerging communications channel, and including in relation to changes to our products and services);

Improving our services and conducting research

  • to conduct market research to understand what is important to our donors and communities;
  • to manage and enhance our services, including by personalising and customising your experience on our platform;
  • to create aggregate information reports for our use and to provide to our affiliates and advertisers;
  • to engage in marketing and advertising, including through social media such as using Facebook Custom Audiences and Lookalike Audiences, Instagram advertising or other social media advertising tools;
  • to conduct competitions and promotions (both on our own behalf and in conjunction with our affiliates and selected third parties);

Our website

  • to enable and enhance your use of our website, including (where applicable) to personalise and customise your experience when using our sites (including so that our site is presented in the most effective manner for you and your computer);

Miscellaneous

  • for system administration and for network analysis and security (by ourselves and our IT contractors);
  • to allow you to participate in interactive features of our sites that may be available; 
  • to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and
  • as required or permitted by any law (including privacy regulation).

 

Under the GDPR, our processing of personal information as described above is generally necessary for the performance of a contract to which you are a party. We may also process your personal information for the purposes of our legitimate interests, including running our business securely, lawfully, efficiently and safely; driving sales with effective marketing and advertising (including the use of trade promotions); and continuously improving our business using business analytics.

From time to time, when collecting information from you, we may also ask you to “opt-in” to consent to us using or disclosing your personal information other than in accordance with this policy or any applicable law. As part of our commitment to protecting your privacy, however, you will also be given the opportunity to withdraw your consent to our use of your personal information other than in accordance with this policy at any time (without affecting the lawfulness of processing based on consent before its withdrawal).

You may also “opt-out” from receiving communications from us or from third parties that send communications to you in accordance with this policy or in accordance with any additional consent you give, and we will comply with your decision. (You will be able to “opt out”, for example, by clicking on an “unsubscribe” link at the end of an email, or by contacting our Privacy / Data Protection Officer.)

How do we get the personal information it collects and holds?

We only collect personal information by fair and lawful means, including when people:

  • provide us, our affiliates or sponsors with personal information, including through our website, including when entering a contract for our goods or services;
  • fill in any contact forms on our sites (including when signing up for newsletters);
  • enter competitions or promotions we or our sponsors or affiliates may hold;
  • post material to our sites or to social media that we use (such as Facebook, Twitter, and Instagram), or otherwise interact with our social media accounts;
  • contact us for assistance or with questions or complaints; and
  • contact us other than through our sites or social media, for example, if you email us directly or send us a fax or a letter.

 

We prefer to obtain any personal information we collect directly from you. In some cases, however – it may be unreasonable or impracticable to obtain information directly, and we may obtain that information from someone else. We may also collect information from external service providers to whom we have contracted services as well as from third parties who offer products and services to you.

If you are concerned about what information we may hold about you, please see below for information on how you can access and (if necessary) correct that information.

Cookies and modern websites

When you visit our website we may send your browser a cookie. A cookie is a small file placed on your computer or mobile phone's browser that helps us recognise you when you return to our website or to the app and can tell us whether or not you've visited the site before. Your browser will tell us if you have these cookies, and if you don't, we may generate new ones.

You can disable cookies from our site at any time by changing your browser settings (typically found in the “options” or “preferences” menu of your browser). Please note, however, that changing these settings may prevent areas of our website from working as intended.

We may also use third-party cookies, including Google Analytics features, Facebook Remarketing tags and tracking pixels and DoubleClick remarketing pixels. Based on your past visits to our website, these enable third-party vendors such as Google and Facebook to provide you with information about products and services that may be of interest to you as you browse the internet more generally (including information about products and services from third-parties).

You can choose to opt out of the above by visiting the Network Advertising Initiative opt out page or, for Google Analytics.

For more information about cookies, including to see what cookies have been placed, how to manage and delete them, and how to opt-out of being tracked by social networks and third-party advertisers, visit these services:

 
Direct marketing

We may use or disclose your personal information to promote both our products or services and those of third parties through direct marketing.

You may ask us to identify how we acquired the personal information that we use or disclose for direct marketing purposes by contacting us via the details set out at the end of this Policy.

If at any time you do not wish to receive any direct marketing communications whether from us or from third parties, you can ask us not to send you any further direct marketing communications and not to disclose your personal information to third parties for that purpose by using the “unsubscribe” facility included in a prominent statement in the direct marketing communications or by contacting us via the details set out below.

Can you interact with us anonymously or under a pseudonym?

In many cases, you will need to provide your real name when interacting with us. You may however – wherever lawful and practicable – use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about any of our resources or services, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our resources or services, or we may not otherwise be able to respond adequately to you.

For clarification on when you must identify yourself, please contact our Privacy / Data Protection Officer. (You may use a pseudonym – or simply not identify yourself – when making such an enquiry.)

Who has access to my personal information?

Generally, only our officers and staff will access your personal information, and then only on a “need to know” basis.

We may also disclose your personal information:

  • to people who work for us or for one of our suppliers, or on our behalf, and who may be engaged in, among other things, technical support, processing payments and mail-outs, marketing, administration, research and providing other technical and non-technical support (including IT services);
  • to sponsors and promoters of any event or competition that we conduct or promote;
  • to enforce or apply our terms of use or where you have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary to the police, any relevant authority or enforcement body, or your internet service provider or network administrator;
  • to protect the rights, property, health or safety of ILF or its officers, customers or others (including exchanging information with other companies and organisations to protect against fraud and to reduce credit risk);
  • to our agents, legal advisers, business partners, joint venture entities and other partners;
  • to anyone else that you specifically authorise us to receive information held by us; and/or
  • as otherwise required or permitted by law (including under privacy legislation).

 

Also, while we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the privacy policy of any other web sites to which you provide personal information. We recommend that you read the privacy policies of such other web sites.

How long we keep your personal information

We only keep your personal information for as long as is necessary to provide you with the goods or services you have requested from us or for as long as we reasonably need to retain the information for our legitimate interests.

We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time we need to keep it.

Automated Decision-making

At this stage, we do not use automated decision-making which produces legal effects which significantly affects data subjects.

Your rights and choices

As set out in more detail below, you may:

  • withdraw any consent you have given to us in relation to our use of your personal information (including by contacting us as set out below or by “unsubscribing” to emails sent to you;
  • request access to the information we hold about you;
  • receive a copy of information we hold about you;
  • ask us to correct information we hold about you; and
  • make a complaint (as further discussed below) in relation to how we have collected or used your personal information.

How can I access (and, if necessary, correct or delete) personal information that we have collected and holds about me?

If you wish to review (and, if necessary, correct, update or erase) personal information that we may have collected and hold on you, please contact our Privacy / Data Protection Officer.

We will respond to your requests to access, correct or erase your personal information as soon as possible (but in any case, within a reasonable period).

How can you complain about us if we breach any of applicable privacy principles or any registered code that binds it?

Contact our Executive Director/ or Business Relationship & Fundraising Manager (details below) if you have a complaints about any breach of any applicable privacy principles or of any registered code that binds us. If you are located in the European Union, then you may make a complaint with a supervisory authority in your jurisdiction.

How will we deal with complaints you might have about breaches of applicable privacy legislation or any relevant registered code?

We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.

What steps do we take to secure personal information?

We take reasonable steps to ensure that your personal information is treated securely and in accordance with this policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, apart from using secure servers, we implement firewalls and password access and, where relevant, impose limits on who can access personal information. 

While we use Secure Sockets Layer (SSL) encryption software for security, please also note that the transmission of information (including over the Internet) is never completely secure. You understand, therefore, that the transmission and storage of personal information is not necessarily wholly secure, and that the steps we take to protect your personal information, though reasonable, may not always be effective. In those circumstances, we do not accept responsibility for any misuse or loss of, or unauthorised access to, your personal information. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.

If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Do we disclose personal information to people or organisations outside Australia?

We hold personal information securely both in our offices and on secure servers, some of which may be located overseas. The transfer of your personal information overseas is necessary for the performance of the Terms and Conditions.

Personal information may also be processed by staff or agents operating outside Australia. Such staff or agents may be engaged in, among other things, hosting information on the cloud, processing payment details and providing support services.

By submitting your personal information to us, you agree to such transfers, storing and processing. In return, we will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy policy to Australian standards.

We will not, however, transfer your personal information overseas to a country that is not subject to a comparable privacy scheme unless the organisation to which we disclose that information implements privacy policies comparable to the obligations that apply under Australian law.

Do we ever change our privacy policy?

We may review and amend our privacy policy from time to time. Any changes to our privacy policy will be incorporated into a new version of this Policy and posted on this page.

Who do I contact about privacy issues?

If you have any concerns or questions about privacy issues, including how we are dealing with or holding your personal information, contact our Business Manager/ Privacy / Data Protection Officer.

Please also contact our Business Manager Privacy / Data Protection Officer if, for example:

  • you want to review and/or correct any personal information we hold about you;
  • you would like to withdraw any consent you have given to us in relation to how we use your personal information; or
  • you receive communications purporting to be connected with us or our services that you believe have been sent other than in accordance with this policy or in breach of any law.