Privacy Policy
1.0 Purpose
Endeavour Foundation respects the privacy of all Endeavour Foundation people including members, employees and volunteers, customers/beneficiaries/people who access services, clients, donors, business partners and online users.
At Endeavour Foundation we recognize that we have an obligation to comply with Australian Law.
The purpose of this policy is to:
a) Clearly communicate how and for what purposes Endeavour Foundation collects, uses, discloses and stores personal information, and how individuals may access and correct personal information held about them;
b) Enhance the transparency of Endeavour Foundation operations;
c) Ensure employees and volunteers are aware of their obligations; and
d) Give individuals a better and more complete understanding of the personal information that Endeavour Foundation holds, and the way in which such information is managed.
2.0 Scope
This policy applies to the management and use of information relating to all Endeavour Foundation members, employees, volunteers, customers/beneficiaries, people who access services, clients, donors, business partners and online users.
While the Privacy Act 1988 (Cth) does not apply to employee records, Endeavour Foundation has extended this Policy to include employee records.
This Policy also applies to Endeavour Foundation, and all its subsidiaries including but not limited to Community Solutions Group Ltd, SkillsPlus Ltd, Acclaim Apprentices and Trainees Ltd, BRACE Education Training & Employment Ltd, National Disability Living Solutions Ltd, Endeavour Foundation Endowment Challenge Fund Ltd and Torgas Inc.
3.0 Definitions
APP refers to the Australian Privacy Principles listed in Schedule 1 of the Privacy Act 1988 (Cth).
Australian law means:
a) An Act of the Commonwealth or of a State or Territory; or
b) Regulations, or any other instrument, made under such an Act.
Authorised personnel refers to anyone who occupies an Endeavour Foundation position with an inherent requirement to access personal information.
Business partners refers to a business that provides support to Endeavour Foundation via the provision of funds, time or services, including suppliers, whether paid or not.
Clients/beneficiaries/people who access services, refers to an organisation or individual which receives support, goods or services from Endeavour Foundation either regularly or on a short term basis.
Customers refers to anyone who purchases goods or services from Endeavour Foundation.
De-Identification refers to the process used to prevent a person’s identity from being connected with information.
Donors refers to a person or business who makes a one-off or occasional financial and/or in kind contribution to Endeavour Foundation.
Endeavour Foundation (“we”, “our”, “us”) refers to Endeavour Foundation, together with all of its subsidiaries including but not limited to:
i. Community Solutions Group Ltd;
ii. SkillsPlus Ltd;
iii. Acclaim Apprentices and Trainees Ltd;
iv. BRACE Education Training & Employment Ltd;
v. Endeavour Foundation Endowment Challenge Fund Ltd;
vi. National Disability Living Solutions Ltd.
vii. Torgas Inc;
Endeavour Foundation people (“you”, “your”, “their”, “them”) refers to members, employees,
volunteers, clients/beneficiaries/people who access services, customers, donors, business partners and online users (including delegates) of Endeavour Foundation.
Endeavour Foundation services refers to the services described in section 4.0 of this Policy.
Endeavour Foundation website refers to the Endeavour Foundation website such as, but not limited to, www.endeavour.com.au and all related sites and micro-sites including those operated by subsidiaries of Endeavour Foundation.
Online users refers to anyone that accesses the Endeavour Foundation websites such as, but not limited to, www.endeavour.com.au, www.endeavourlotteries.com.au and all related sites and micro-sites.
Personal information as defined by section 6 of the Privacy Act 1988 (Cth), is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
Sensitive information as defined by section 6 of the Privacy Act 1988 (Cth), is:
a) Information or an opinion about an individual’s:
i. Racial or ethnic origin; or
ii. Political opinions; or
iii. Membership of a political association; or iv. Religious beliefs or affiliations; or
v. Philosophical beliefs; or
vi. Membership of a trade union; or
ii. Sexual orientation or practices; or viii. Criminal record.
That is also personal information; or
b) Health information about an individual; or
c) Genetic information about an individual that is not otherwise health information; or
d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
e) Biometric templates.
4.0 Overview of Endeavour Foundation Programs and Services
Endeavour Foundation is one of Australia’s largest non-government disability service providers dedicated to supporting people living with a disability and helping them to make possibilities a reality. Endeavour Foundation provides services for people living with a disability in over 230 locations around Australia. These programs include, for example:
- Home and Daily Life;
- Learning;
- Work and Commercial;
- Social and Community Participation;
- Relationship and Independence.
Endeavour Foundation also provides some community aged care services.
5.0 Endeavour Foundation’s Legal Obligations
The Privacy Policy sets out how Endeavour Foundation complies with the obligations set out under the Privacy Act 1988 (Cth) (“Privacy Act”). Endeavour Foundation is bound by the Australian Privacy Principles (‘APPs’) found within the Privacy Act. The APPs regulate how organisations may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them. At all times, Endeavour Foundation is committed to complying with the APPs and other privacy obligations required to be observed under State and/or Commonwealth Government law.
6.0 Collection of Personal and Sensitive Information
If Endeavour Foundation services are sought on an anonymous basis or through use of a pseudonym, reasonable steps will be taken to comply with such a request, provided it is safe and lawful. However, some support and/or services may not be able to be provided without certain requested personal information.
The nature and extent of personal and sensitive information collected by Endeavour Foundation varies depending on the type of interaction requested by individuals involved.
Endeavour Foundation collects personal and sensitive information from clients/beneficiaries, donors, business partners, members, online users, Endeavour Foundation people (volunteers, employees, delegates and candidates for volunteer work and prospective employees) in order to deliver offered services. Sought after information can include:
a) contact details;
b) personal details;
c) date of birth;
d) bank details;
e) health information;
f) information on personal issues and experience;
g) purchase/donation history;
h) Australian Business Number (ABN)/Tax file numbers;
i) transaction details associated with Endeavour Foundation Tickets, donations, products and
services;
j) payment details such as credit card number and expiry date;
k) server/IP address, browser type, date and time of visit; and/or
l) any other information considered reasonable for the conducting of Endeavour Foundation Business.
Endeavour Foundation does not match the personal information collected with the non-personal information.
6.1 Prospective and current volunteers, employees, delegates and candidates
In relation to current or potential Endeavour Foundation people, additional information may be collected, including:
m) emergencycontactperson(s);
n) country of birth, citizenship, residency and/or visa details;
o) details of current/previous employment or volunteer involvement;
p) skills and experience;
q) languages spoken and written;
r) qualifications, drivers license details;
s) information and opinions from referees for prospective employees and candidates for volunteer
work
t) health information;
u) a Criminal History Check may be required for some roles in Endeavour Foundation (particularly
those involving children, young people and other vulnerable people). Individuals will be required
to provide certain information for a Criminal History Check; and/or
v) a psychological profile report may be requested for some roles in Endeavour Foundation.
6.2 Health Information
Endeavour Foundation may collect health information as part of providing services. For example, medical history may be collected from some clients/beneficiaries participating in Endeavour Foundation programs to ensure that services are specific to their needs and safety is maintained for all Endeavour Foundation people involved.
When collecting health information, Endeavour Foundation will obtain your consent and explain how the information will be used and disclosed. Any health information provided will not be used beyond what was consented to, unless further permission is obtained, or the use of such information is in accordance with one of the exceptions under the Privacy Act or in compliance with another law.
Where health information is used for research or statistical purposes, it will be de-identified.
7.0 How We Collect Information
Where possible, Endeavour Foundation will collect personal and sensitive information directly from you. Information may be collected through various means, including telephone and face-to-face interviews, appointments, forms, questionnaires and through Endeavour Foundation websites.
Any concerns about requested information may be raised to an Endeavour Foundation representative.
In some situations, Endeavour Foundation may need to obtain personal information about you from a third- party source, such as a Health Care Professional. Where possible, your permission will be sought before such information is requested and steps taken to ensure you’re aware of the purposes the information is being collected for, as well as any other organisations to which the information may be disclosed to, subject to any exceptions under the Privacy Act.
8.0 Use of Personal Information
8.1 Purposes for which Endeavour Foundation uses personal information
a) To process an application or facilitate involvement regarding employment, volunteering, services, placements and/or programs within Endeavour Foundation;
b) To assess, plan and provide you with appropriate services including communicating with your emergency contacts, advocates, treating professionals and the like;
c) To meet any legal, accounting and/or routine reporting requirements or best practice standards- including what may be required by government or other funding programs;
d) To process donations, purchases and receipting;
e) To monitor and evaluate existing services, plan for future services and improve our services and
programs;
f) To provide transparency about the management and administration of donated funds,
particularly for appeals for public donations including recognising your support of Endeavour
Foundation;
g) To facilitate ongoing fundraising, grant submissions, marketing, and other activities to ensure the
ongoing financial viability of Endeavour Foundation;
h) To establish and manage partnerships and business relationships, as both a purchaser and
provider of goods and services;
i) To process pay, superannuation, direct debits and salary sacrifice for employees, and manage
performance and employment matters generally;
j) To keep people informed about Endeavour Foundation news, developments, services and
opportunities;
k) To facilitate further involvements with Endeavour Foundation (eg. disability supports, business
solutions, membership, donor);
l) To support the review of complaints and investigation processes by Board appointed external
Endeavour Foundation uses personal information for the purposes it was collected for, or for purposes which are related to one of the organisation’s functions or activities.
From time-to-time, promotional offers and special events will be communicated through direct marketing and other channels. Individuals will be provided with a simple means to opt-out of these communications.
committees.
8.2 Additional information for unsuccessful applicants
Information relating to unsuccessful candidates for employment or volunteer work will be stored securely for reference as required to provide feedback to the applicant or, with the applicant’s consent, for consideration of other opportunities within Endeavour Foundation. This information will be destroyed after 12 months.
9.0 Disclosure of Personal Information
For the purposes referred to in this Privacy Policy, Endeavour Foundation may also disclose your personal information to other external organisations if reasonably necessary, including:
a) Government departments/agencies providing funding for Endeavour Foundation services;
b) Contractors who provide and/or manage some of the services offered by Endeavour Foundation.
Reasonable steps are taken to ensure such contractors comply with the APPs. Contractors are only authorized to receive and use personal information if they need it to provide the services or to perform the functions required by Endeavour Foundation;
c) Doctors and health care professionals who assist in delivering our services;
d) Other regulatory bodies, such as SafeWork Australia;
e) Referees and former employers of Endeavour Foundation employees and volunteers, and
candidates for Endeavour Foundation employment and volunteer positions;
f) External auditors, insurers or other professional advisers and agents of Endeavour Foundation;
g) Endeavour Foundation may disclose, when necessary, information relevant to a credit reporting
body, where an Act or relevant Code permits us to do so, for the purposes of that body or a third-party entity assessing an application for credit. The credit reporting bodies may include, but not be restricted to:
. Dun and Bradstreet (Australia) Pty. Ltd;
. Veda Advantage Information Services and Solutions Ltd;
. Experian Australia Credit Services Pty Ltd.
i ii iii
9.1 Disclosure Exceptions
Except as set out above, Endeavour Foundation will not disclose an individual’s personal information to a third-party unless one of the following applies:
a) The individual has consented to the release;
b) The release is required or authorized by law;
c) The individual would reasonably expect Endeavour Foundation to use or give that information for
another purpose related to the purpose for which it was collected (or in the case of sensitive
information – directly related to the purpose for which it was collected);
d) It will prevent or lessen a serious threat to an individual’s life, health or safety, or the public’s
health or safety;
e) It is reasonably necessary for Endeavour Foundation to take appropriate action in relation to
suspected unlawful activity, or misconduct of a serious nature relating to our functions or
activities; and/or
f) It is reasonably necessary for law enforcement purposes.
Endeavour Foundation will, where necessary and appropriate, take reasonable steps to have appropriate confidentiality deeds in place in instances where information is disclosed to third-party agents of Endeavour Foundation.
Endeavour Foundation will not sell your personal information to any third-party.
10.0 Security of Personal and Sensitive Information
Endeavour Foundation takes reasonable steps to protect any personal and sensitive information held against misuse, inference, loss, unauthorised access, modifications and disclosure, as well as follow any such requirements set out by the law.
If Endeavour Foundation becomes aware of a breach or potential breach of security relating to your personal or sensitive information, all reasonable and legal steps to secure the information and/or stop a further breach will be taken. You will be advised if the breach is likely to result in any serious harm. You will also be advised of any recommendations on how you should respond to such a breach.
Personal and Sensitive information will be destroyed securely once the appropriate time limits have been reached.
11.0 Access to and Correction of Personal Information
If an individual requests access to the personal information Endeavour Foundation holds about them, or requests changes be made to their personal information, we will allow access and/or make the changes unless it’s reasonably believed a valid reason to withhold the information or not allow the changes exists under the Privacy Act or any other relevant piece of legislation.
Requests for access and/or corrections should be made to the Privacy Officer (details are set out in section 13.0). For security reasons, such requests must be made in writing and proof of identity provided. This helps ensure personal information is provided to the correct individual.
If Endeavour Foundation does not agree to share or correct personal information per your request, you will be provided with a written explanation of the reasoning behind the decision and what steps can be taken to challenge it.
Where a request is accepted, Endeavour Foundation will generally provide a summary of the information held about the individual. Unless told otherwise, it will be assumed that the request relates to current records (no older than six months). These current records will include personal information held in Endeavour Foundation databases and in paper files that are generally used on a day-to-day basis.
Endeavour Foundation will provide access by allowing you to inspect, take notes or printouts of personal information held about you. If personal information (for example, name and address details) is duplicated across different databases, Endeavour Foundation will generally provide one printout of this information unless otherwise requested.
All reasonable steps will be taken to provide access to the information requested within 14 days of the
request. For more complicated requests or requests requiring access to large volumes of information, all reasonable steps will be taken to provide access or the information requested within 30 days.
Endeavour Foundation may charge you reasonable fees in regard to any costs incurred relating to the access to information request, including the cost of photocopying and delivery costs of information stored off- site.
If an individual is able to establish that personal information Endeavour Foundation holds about them is not accurate, complete or up-to-date, reasonable steps will be taken to correct our records in a timely manner.
11.1 Endeavour Foundation may refuse access to information
Endeavour Foundation may refuse to provide access to or copies of information held in circumstances where:
a) The request does not relate to the personal information of the person making the request, except where that person is the legal guardian, or substitute decision-maker of the person whose information is being requested;
b) Providing access would pose a serious threat to the life, health or safety of a person, or to the public health, or public safety;
c) Providing access would create an unreasonable impact on the privacy of others;
d) The request is frivolous and/or vexatious;
e) The request relates to existing or anticipated legal proceedings and would not be required to be
disclosed in those proceedings;
f) Providing access would prejudice negotiations with the individual making the request;
g) Access would be unlawful;
h) Denial of access is authorized or required by law, including by Order of a Court or Tribunal;
i) Endeavour Foundation has reasonable suspicion that unlawful activity or serious misconduct
relating to their functions or activities has been, is being or may be engaged in, and access
would prejudice taking appropriate action in relation to the matter;
j) Access would prejudice law enforcement activities, for example, a police investigation;
k) Access discloses a ‘commercially sensitive’ decision making process or information; or
l) Any other reason that is provided for in the APP’s or in the Privacy Act.
If a request for access to information is denied, the reasons for denying such access will be set out for you. Where there is a dispute about right of access to information or forms of access, this will be dealt with in accordance with the complaints procedure set out below.
11.2 Privacy Complaints Procedure
If you have provided us with personal and/or sensitive information, or we have collected and hold your personal and/or sensitive information, you have a right to make a complaint and have it investigated and dealt with.
A privacy complaint can relate to any concerns you may have regarding Endeavour Foundation’s privacy practices or the handling of your personal and sensitive information by the organisation. This could include matters such as how information is collected or stored, how information is used or disclosed, or how access
to personal and sensitive information is provided.
Endeavour Foundation is committed to achieving an effective resolution regarding privacy complaints within a reasonable timeframe, usually 30 days or as soon as practicable. However, where the matter is complex or materials need to be located or retrieved from archives, the resolution may take longer. Where appropriate, discussions may occur with the complainant if Endeavour Foundation believes the matter will take over 30 days to manage.
A privacy complaint can be made out to the Endeavour Foundation Privacy Officer, details found in section 13.0.
12.0 Changes to this Privacy Policy
Endeavour Foundation reserves the right to review, amend and/or update this policy in accordance with Australian law.
13.0 Further Information
Further information about National Privacy Laws is available from the Office of the Australian Information Commissioner, www.oaic.gov.au
Further information about this policy can be obtained from the Endeavour Foundation Privacy Officer at [email protected].
13.1 Related Documents
- QP 5015 Notifiable Data Breaches Policy
- Privacy Act 1988 (Cth)