Publication date: Version 3, September 2019
Water Stewardship Australia Ltd (trading as Water Stewardship Asia Pacific, WSAP) collects and administers a range of personal information for the purposes of membership, training, projects, via website browsers and social media, donations of time, money and resources, and campaign and program support. We collect information including name, home or e-mail address, telephone numbers, banking details and receipting information.
WSAP is committed to protecting the privacy of personal information it collects, holds and administers.
WSAP recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies.
All staff & volunteers are bound by the Commonwealth Privacy Act 1988. The Privacy Amendment Act 2000 governs the collection, use and storage of personal and/or sensitive information, including written and verbal information.
We are committed to ensuring that information is used in an ethical and responsible manner.
The duty to preserve confidentiality is regulated by privacy legislation.
How your information is collected and stored
How we collect and store your personal and sensitive information varies depending on the purpose for which it is collected, but most information will be collected in connection with your dealings with us.
We will only collect sensitive information – such as: gender; racial or ethnic origin where required and with Board approval.
However, we are also likely to receive your personal information from sources such as public records, mailing lists, contractors, staff, recruitment agencies and our members.
How information is kept safe
We may store personal information in physical or electronic form, as is necessary to carry out our functions. All personal information is securely stored by us or by our authorised external providers. Only authorised staff will have access to this information, namely the CEO and other staff as approved by the CEO.
We will take all reasonable steps to protect all collected personal information from misuse, interference, loss and unauthorised access, modification or disclosure.
Reasonable physical safeguards include: lockable filing cabinets & unattended storage areas, positioning technological hardware so they cannot be seen or accessed by unauthorised people.
Reasonable technical safeguards include: passwords to restrict computer access, requiring regular changes to passwords, establishing different access levels for staff & volunteers, ensuring information is transferred securely, and installing virus protections and firewalls. The Confidentiality Policy & Procedures outlines the expectations of all staff & volunteers to take all reasonable steps to protect organisational and personal information. All staff & volunteers are required to sign this.
If we no longer require the personal information for any specified purpose and we are not required by Australian law or courts to retain the information, we will take reasonable steps to destroy or de-identify the information.
How we share personal information
We will only share personal information:
- in accordance with express consent;
- as provided through the exclusions set out in the Commonwealth and Victorian privacy legislation (including the Australian Privacy Principles);
- as required or permitted by any law; or
- in accordance with the Privacy Notice provided to you at or near the time of collection of your personal information.
We do not disclose or sell any personal information to unrelated third parties under any circumstances.
How individuals can access and correct personal information
Individuals have the right to access your personal information, subject to some exceptions allowed by law. Access can be obtained to personal information by contacting the CEO in writing.
Related documents
Australian Privacy Principles
Commonwealth Privacy Act 1988
Victorian Privacy & Data Protection Act 2014
Definitions
Personal information
This is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in material form or not. It may include information such as names, addresses, bank account details and health conditions (Privacy Act 1988).
Sensitive information
This is information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health, genetic or biometric templates, that is also personal information (Privacy Act 1988).
Consent
Means voluntary agreement to some act, practice or purpose. Consent has two elements: knowledge of the matter agreed to and voluntary agreement.
Confidentiality
Implies the relationship of confidence between the organisation and individuals. Confidentiality ensures that information is accessible only to those authorised to have access.
Organisational information
Includes publicly available, and some confidential information about organisations. Organisational information is not covered by the Privacy Act (1988) but some organisational information may be deemed confidential.