A NSW free from poverty and inequality

NCOSS Privacy Policy

POLICY STATEMENT

NCOSS is committed to protecting and upholding the right to privacy of staff, volunteers, Board members and representatives of agencies we deal with.

This policy conforms to the NSW Privacy and Personal Information Protection Act (PPIP Act) which governs the collection, use and storage of personal information across all NSW Government agencies. The terms of NCOSS funding agreement with the Department of Human Services requires that NCOSS observe the PPIP Act as if it were a government agency.

NCOSS is required to follow the 12 Information Protection Principles in the legislation and to prepare a Privacy Management Plan detailing:

  • The policies and practices that ensure compliance by the agency with the requirements of the PPIP Act
  • How these policies and practices are disseminated to persons within the agency
  • The procedures which NCOSS proposes to follow in relation to internal reviews under Part 5 of the PPIP Act
  • Any other matters which NCOSS considers relevant to privacy and to the protection of personal and health information.

NCOSS’ Privacy Management Plan is outlined in the procedures below.

This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.

Note: The Federal Privacy Act contains similar requirements and principles to the NSW PPIP Act, but does not apply to NCOSS while NCOSS’ annual turnover remains under $3m, or does not hold contracts with the Commonwealth government. However, NCOSS commits to the principles of the Act in this policy.

PROCEDURES

1.8.1 Dealing with personal information

In dealing with personal information, NCOSS staff will:

  • Ensure privacy for staff, volunteers or Board members when they are being interviewed or discussing matters of a personal or sensitive nature
  • Only collect and store personal information that is necessary for the functioning of the organisation and its activities
  • Use fair and lawful ways to collect personal information
  • Collect personal information only by consent from an individual
  • Ensure that people know what sort of personal information is held, for what purposes it is held and how it is collected, used, disclosed and who will have access to it
  • Ensure that personal information collected or disclosed is accurate, complete and up-to-date, and provide access to any individual to review information or correct wrong information about themselves
  • Take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure
  • Ensure personal information is not shared, sold, rented or disclosed other than as described in the NCOSS 1.8 Privacy policy
  • Destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired.

1.8.2 Types of personal information collected

NCOSS may collect the following types of information:

  • Name
  • Mailing/Street address
  • Email address
  • Fax
  • Telephone – landline/mobile
  • Profession/occupation/job title
  • Details of service provided and additional information necessary to deliver those products and services and to respond to enquiries
  • Additional information that is provided directly through use of the NCOSS website or online presence, through NCOSS representatives or otherwise
  • Information provided by members, etc, through our service centre, surveys or visits by NCOSS representatives from time to time
  • Information to process payroll and enabling reports to ATO and payments of superannuation contributions.

NCOSS may also collect information that is not classified as personal information because it does not identify individuals. Eg NCOSS may collect anonymous answers to surveys or aggregated information about how the NCOSS website is used.

NCOSS may distribute direct marketing communications and information about NCOSS products and services. These communications may be sent in various forms including mail, SMS, and email in accordance with marketing laws such as the Spam Act 2003 (Cth). If there is a preference for a method of communication, NCOSS will endeavour to use that method whenever practical to do so. Recipients may opt out of receiving marketing communications from NCOSS by contacting NCOSS or by using opt-out facilities provided in the marketing communications and NCOSS will ensure the name is removed from the mailing list.

1.8.3 How personal information is collected

NCOSS collects personal information directly from individual concerned unless it is unreasonable or impracticable to do so. When collecting personal information NCOSS may collect in ways including:

  • Through the individual’s access and use of the NCOSS website
  • During conversations between the individual and the NCOSS representative
  • When the individual completes an application or purchase order.

NCOSS may also collect personal information from third parties including:

  • From third party companies such as law enforcement agencies and other government entities.

NCOSS collects personal information directly from individual concerned unless it is unreasonable or impracticable to do so. When collecting personal information NCOSS may collect in ways including:

  • Through the individual’s access and use of the NCOSS website
  • During conversations between the individual and the NCOSS representative
  • When the individual completes an application or purchase order.

NCOSS may also collect personal information from third parties including:

  • From third party companies such as law enforcement agencies and other government entities.

All forms used by NCOSS to collect personal information (including membership and registration forms) will carry a statement to the effect that personal information is only used for the purpose indicated on the form and that the information gathered is subject to protection under the NCOSS 1.8 Privacy policy.

Cookies

NCOSS may collect personal information through the use of cookies. When the website is accessed NCOSS may send a “cookie” (a small summary file containing a unique ID number) to the user’s computer. This enables NCOSS to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. NCOSS uses this to research users’ habits to improve NCOSS online products and services. These cookies do not collect personal information. Users who do not wish to receive cookies can set their browser to not accept them.

NCOSS may also log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users movements, and gather broad demographic information.

1.8.4 NCOSS’ response if personal information cannot be collected

If personal information described above is not or cannot be provided, some or all of the following may happen:

  • NCOSS may not be able to provide the requested products or services, either to the same standard or at all
  • NCOSS may not be able to provide information about the requested products and/or services.

1.8.5 Purposes for which personal information may be collected, held, used and disclosed

NCOSS collects, holds, uses and discloses personal information for the following purposes:

  • To provide products and services and send communications as requested by the individual
  • To answer enquiries and provide information or advice about existing and new products or services
  • To provide you with access to protected areas of our website
  • To assess the performance of the website and to improve the operation of the website
  • To conduct business processing functions including providing personal information to contractors, service providers or other third parties;
  • For the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of NCOSS, its related contractors or service providers
  • To provide updated personal information to NCOSS contractors or service providers;
  • To update NCOSS records and keep contact details up to date
  • To process and respond to any complaints
  • To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (or political sub- division of a country).

1.8.6 To whom personal information may be disclosed

NCOSS may disclose personal information to:

  • NCOSS employees, contractors or service providers for the purposes of operation of the NCOSS website or business, fulfilling requests, and to otherwise provide products and services including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
  • Suppliers and other third parties with whom NCOSS has commercial relationships, for business, marketing, and related purposes; and
  • Any organisation for any authorised purpose with the express consent of the owner of the personal information.

NCOSS staff will not release the contact details for people or their organisations that are:

  • Members of NCOSS
  • Members of any NCOSS forum
  • Participants in the NCOSS Community cover
  • Attendees at an NCOSS workshop seminars, conferences or consultations
  • Purchasers of NCOSS products or publications.

The NCOSS CEO must approve the release of contact details for any individual whose details were obtained by NCOSS through the above activities.

1.8.7 Direct Marketing

NCOSS may distribute direct marketing communications and information about NCOSS products and services. These communications may be sent in various forms including mail, SMS, and email in accordance with marketing laws such as the Spam Act 2003 (Cth). If there is a preference for a method of communication, NCOSS will endeavour to use that method whenever practical to do so. Recipients may opt out of receiving marketing communications from NCOSS by contacting info@ncoss.org.au or by using opt-out facilities provided in the marketing communications and NCOSS will ensure the name is removed from the mailing list.

1.8.8 Responsibilities for managing privacy

  • All staff are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work. Staff members should raise any concerns they have regarding privacy with their supervisor.
  • Media and Communications Manager  is responsible for content in NCOSS publications, communications and website ensuring the following:
    • Appropriate consent is obtained for the inclusion of any personal information about NCOSS personnel
    • Information being provided by other agencies or external individuals conforms to privacy principles
    • That the website contains a privacy statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
  • Administration Coordinator is responsible for safeguarding personal information relating to NCOSS staff, Board members, volunteers, contractors and NCOSS members.
  • CEO and Deputy CEO are responsible for over sighting the organisation’s Privacy Management Plan.
  • The NCOSS Privacy Contact Officer: The NCOSS Privacy Contact Officer will be the NCOSS CEO. The NCOSS Privacy Contact Officer will be responsible for:
    • Ensuring that all staff are familiar with the Privacy Policy and administrative procedures for handling personal information
    • Handling any queries or complaint about a privacy issue
    • Acting as the point of contact for liaison with the Information and Privacy Commission New South Wales (IPC NSW).

1.8.9 Internal review

A person wishing to complain about the handling of their personal information or about a breach of their privacy will be requested to lodge their concern with the NCOSS Privacy Officer who will conduct an investigation according to the requirements under the legislation and:

  • Notify IPC NSW that they have received the application for internal review
  • Keep IPC NSW informed of the progress of the internal review
  • Consider any relevant material submitted by the applicant or by IPC NSW
  • Complete the review as soon as possible
  • Once the review is finished, notify the applicant and IPC NSW of the findings of the review (and the reasons for those findings), and the action proposed to be taken
  • Notify the applicant of any other rights they may have.

Once the review is finished, NCOSS may take no further action, or it may do one or more of the following:

  • Make a formal apology
  • Take remedial action
  • Provide undertakings that the conduct will not occur again
  • Implement administrative measures to ensure that the conduct will not occur again.

 

Follow NCOSS - NSW Council of Social Service on: