Privacy Policy

Privacy and Data Collection Policy

At the Maribyrnong River and Waterways Association (the “Organisation”), our mission is to advocate for greater commitment and investment in protecting and restoring waterways in the Maribyrnong catchment. We value privacy and are committed to protecting personal information. Our volunteers, staff, and supporters play a vital role in enabling us to fulfil our mission.

This Privacy Policy outlines how we collect, use, store, and disclose personal, health, financial, and sensitive information in compliance with the Australian Privacy Principles, the Privacy Act 1988 (Privacy Act), the Privacy and Data Protection Act 2014, and other relevant legislation.

Definitions 

Personal Information: Personal information encompasses any information or opinion about an identified or reasonably identifiable individual. Examples include a person’s name, signature, photograph, address, contact details, date of birth, gender, sexuality, race, IP address, and employee or volunteer records.

Sensitive Information: Sensitive information is a subset of personal information subject to stringent protection controls. It includes data such as racial or ethnic origin, membership of a political association, criminal record, and health information.

Health Information: Health information is a category of sensitive information subject to enhanced protection. It comprises information or opinions about an individual’s allergies, illness, injury, or disability.

Financial Information: Financial information pertains to salary, banking details, and tax file numbers of staff in relation to employment.

Security Breach: A security breach refers to any incident leading to unauthorised access to computer data, applications, networks, or devices, resulting in unauthorised information access.

Data Collection

To support our operations, programs, and compliance efforts, we collect various types of information using online forms, paper forms, photos, and third-party platforms like donation portals. This information includes, but is not limited to:

  • Staff: Employee details, licenses, health information, banking details, TFN, and photos.
  • Prospective Staff and Volunteers: Data collected during recruitment, including health information, code of conduct, and photos.
  • Volunteers: Registration details, health information (if relevant), code of conduct, and photos.
  • Program Participants: Signatures, registration details, photos, and emergency contact information.
  • Youth and Children: Event registration data and photos.
  • OH&S Incidents: Information related to occupational health and safety incidents.
  • Other: Data may include reference checks and any additional information relevant to our operations.

We collect data during employee or volunteer induction, event registration, donation collection, and in response to first aid incidents. When individuals sign up with the Organisation on the website, they must consent to our Privacy Policy, including the following statement:

“The Maribyrnong River and Waterways Association will never share your personal information with any other parties without your consent. Your information will help us design future programs that are more tailored to our participants and keep you informed about upcoming events, promotions, and news relevant to the Organisation.”

Data Storage

We prioritise the secure storage of personal and sensitive information. Data collected is digitised and password-protected promptly. Original paper forms and information are either shredded or stored in secure locations as needed, such as signed documents for insurance or tax purposes.

Data Access

Individuals have the right to manage their subscription preferences for receiving communications from the Organisation by using unsubscribe links in all bulk emails.

Individuals may contact our staff to access, view, or correct their current personal data stored by the Organisation. Access to personal data is granted based on relevance to staff roles to minimise data exposure.

Personal information and related documentation are retained for a minimum of seven years or until a minor reaches age 18 plus seven years. Our Customer Relationship Management (CRM) database is encrypted and password-controlled, with access based on staff roles and permissions endorsed by the Chief Executive Officer (EO) or similar role.

Photo Permissions

Photographs and film footage may be used by the Organisation and program sponsors and partners for various purposes, including newsletters, presentations, media releases, social media (e.g., Facebook, Twitter, and Instagram), videos, and associated websites.

  • Children Under 18: For children under 18, we require a signed permission slip from a parent/guardian to photograph or film the child and use their image in materials. We will not use photos of children without a signed permission form.
  • Adults: For adults, we provide a permission slip to be photographed or filmed, including a negative permission option. We will not use photos without a signed permission form.
  • Opt-Out at Large Events: At large events, clear signage will indicate the presence of filming and photography, and attendees will be given the option to request not to be photographed.
  • Opt-In via Online Event Bookings: In some cases, online event registration will include a tickbox for participants to record their photo permission preferences stored in their CRM contact record.

 

Breach of Privacy

In the event of a suspected or actual data security breach, the Organisation will follow established protocols as defined in the ‘Data breach preparation and response – A guide to managing data breaches following the Privacy Act 1988 (Cth).’

Sharing of Information

The Organisation is committed to safeguarding personal information. We will never share personal details with any third parties without the explicit consent. The information is used exclusively to improve programs, tailor them to our participants, and keep them informed about upcoming events, promotions, and news relevant to our mission.

Consent and Privacy Policy

By signing up or engaging with the Organisation through the website or other means, individuals must consent to our Privacy Policy. This consent affirms their understanding of our privacy practices, including data collection, storage, and usage, as outlined in this policy.

Changes to this policy

The Organisation reserves the right to amend this Privacy Policy as needed. Any updates will be posted on the website, and individuals are encouraged to review the policy periodically. Continued engagement with the Organisation after changes have been made indicates acceptance of the revised Privacy Policy.

Scroll to Top