Privacy Statement

April 2019

Your privacy is important to us. This privacy statement describes how we collect, use and protect your private and confidential information when we are managing our services and doing our policy and advocacy work.

The privacy statement complies with Commonwealth and Victorian privacy laws and requirements. These laws give you rights that apply when we collect, use, disclose and dispose of your personal information – that is, information that identifies or could identify you, such as your name, address or phone number. Because some people who use our website or receive our newsletter are from the US, UK and EU, we also follow the European Union General Data Protection Regulations (GDPR) May 2018.

This privacy statement applies to all COTA Victoria and Seniors Rights Victoria users.

If you have questions or concerns about this privacy statement, contact us on (03) 9655 2100.

In this privacy statement:

How we collect your personal information

We collect personal information, with permission, directly – unless it is unreasonable or not practical.

We may collect personal information from you by:

  • telephone
  • email
  • postal mail
  • fax
  • social media (including Facebook, Twitter and LinkedIn)
  • documents you give us (such as event registration forms)
  • your use of our websites (for example, seniorsrights.org.au or cotavic.org.au).

We also may collect:

  • information related to the way that you have contacted us, such as technical or tracking information stored in cookies
  • non-identifiable information that is not personal information, such as anonymous answers to surveys and combined information about how people use our website
  • personally sensitive information, if we need this information so we can provide a service to you
  • personal information from third parties, such as where a third party acting on our behalf collects membership information for us.

You do not have to give us personal information. However, if you don’t, we may not be able to:

  • give you information about our services that you may want
  • provide our services to you, or provide them at the same standard as usual
  • match the information on our website to your preferences – so it might not be as enjoyable or useful for you to use.

How we use your personal information

We collect your personal information so that we can:

  • give you advice, assistance and services
  • send you communications you have asked for
  • answer your questions and give you information or advice about services
  • manage your COTA Victoria membership
  • contact you about volunteering opportunities and activities
  • manage your attendance at our events, and collect any attendance or entrance fees
  • take payments from you and give you any products that you have bought from us
  • manage your participation in a focus group, research project or other program we run, including feedback
  • measure how well our communications channels are performing and improve them
  • tell promotional stories about what we do, such as on our website, e-news, annual reports, speeches, publications such as ONE COTA, media releases and social media posts
  • do administration, planning, product and service development, quality control and research, and enable related parties, contractors or service providers to do this
  • provide updated personal information to our related parties, contractors or service providers
  • update our records and contact details
  • deal with any complaints
  • follow the law, cooperate with government and regulators, and meet the requirements of organisations that fund us
  • support our advocacy and policy development.

How we share your personal information

Sometimes we will share your personal information with other people or organisations, for specific reasons.

PERSON OR ORGANISATION REASON FOR SHARING
our employees, related parties, contractors or service providers
  • to provide our services
  • to run our website
  • to run our business
  • to do something you have asked us to do
third parties (such as web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors)
  • to provide our services
suppliers and other third parties with whom we have commercial relationships
  • for business purposes
  • for marketing purposes
  • for other related purposes
any other organisation
  • for any authorised purpose, provided you give us your permission
overseas organisations, including our e-newsletter service provider and other ICT service providers, who may store personal information in the United States of America or the European Economic Area
  • for some of the purposes listed above

Note: We take reasonable steps to make sure overseas organisations don’t breach privacy rules to do with personal information

Within Australia, we may combine or share any information that we collect with information collected by any of our related parties.

How we store and dispose of your personal information

We will keep your personal information secure by storing:

  • hard copy information in locked filing cabinets
  • electronic information on password-protected computer servers.

We will take reasonable steps to make sure your personal information is not misused; lost; or accessed, changed or shared without permission.

We will take reasonable steps to destroy or de-identify your personal information when we don’t need it any longer, or when we are no longer required by law to keep it, whichever comes later. However, if the information is part of a Commonwealth record, we won’t destroy or de-identify it.

Accessing and correcting your own personal information

Whenever you wish, you can contact us and ask to see any personal information we have about you.

  • If we have personal information about you that you have a right to access, we will try to give it to you in a suitable manner (for example, by mailing or emailing it to you). If it costs us money to give you the information, we may charge you a reasonable fee to cover these costs. Our Manager of Organisational Support will decide how much the fee is, and confirm that you agree to it.
  • If we have personal information about you that we can’t give you access to, we will explain why in writing. For example, we can’t give you your personal information if it breaches the privacy of others, or if it would cause a breach of confidentiality.

If you think that personal information we have about you is wrong or missing something, you can ask us to correct it.

  • If we agree that the information needs to be corrected, we will make the change and will not charge you any fee to do this.
  • If we don’t agree that the information needs to be corrected, we will add a note to your personal information saying that you disagree with it.

Website privacy and security

When you use our website, we may send a cookie – a small summary file with a unique ID number – to your computer or other device. Cookies allow us to:

  • recognise your computer or other device
  • greet you each time you visit our websites without asking you to register again
  • keep track of what services you have looked at so that, if you agree, we can send you news about our services
  • measure traffic patterns
  • find out what parts of our websites have been visited
  • measure transaction patterns in the aggregate
  • improve our online services based on research about our website users.

Our cookies do not collect personal information. If you don’t want to receive cookies, you can set your browser so that your device does not accept them, but this may prevent us providing a service to you that you have or are requesting.

We may log IP addresses (that is, the addresses of devices connected to the internet) so that we can analyse trends, manage our websites, track users’ movements, and gather broad demographic and geographic information.

Our websites are linked to the internet, which is inherently insecure. This means we can’t promise that information sent to us online is secure and won’t be intercepted while being sent over the Internet. Any personal or other information or other information your send to us online is sent at your own risk.

Our websites may have links to other websites run by third parties. We make no representations or warranties about the privacy practices of any third party website, and we are not responsible for the information on any third party website or their privacy policies. Third party websites are responsible for telling you about their own privacy practices.

Marketing communications

We may send you e-newsletters, marketing communications and information about our events and services that we think may interest you. We may send these in a range of ways, including by mail, SMS, fax or email. We follow laws including the Spam Act 2003 (Cwlth), which makes it illegal to send commercial messages to someone who didn’t agree to receive them.

If you tell us you have a preferred way of receiving marketing communications, we will try to use this method whenever it’s practical.

If you don’t want to receive our marketing communications, you can opt out whenever you wish, either by:

  • contacting us
  • following the opt-out instructions in our marketing communications.

When you opt out, we will take your name off the requested mailing lists.

We will not give your personal information to other organisations for direct marketing purposes.

If you think we have breached your privacy

If you think that COTA Victoria, a staff member, Board member or volunteer has breached your privacy or someone else’s, you can make a formal complaint.

To make such a complaint, provide details of the incident to the COTA Victoria Privacy Officer:

Post:  Manager of Organisational Support
Level 4, 533 Little Lonsdale Street
Melbourne VIC 3000

Tel:  03 9655 2103

We will keep your complaint confidential and handle it according to our complaints policy and procedure, within any timeframes set out in the Privacy Act.

Data breaches that cause serious harm

A person can be seriously harmed when there is a data breach to do with:

  • sensitive information, such as information about someone’s health
  • documents commonly used for identity fraud, such as a Medicare card or a passport
  • financial information
  • a combination of types of personal information that together allows more to be known about the person.

If we are involved in a personal information data breach that is likely to cause serious harm to someone, we will follow the Office of the Australian Information Commissioner’s (OAIC) guidelines for Notifiable Data Breaches. A Data Breach Notification Plan is considered best practice. It we decide we need a Data Breach Notification Plan, we will develop one following OAIC guidance.

Changes to how we manage your privacy

We may change this privacy statement at any time in line with any changes we decide to make to our Privacy Policy. If we make significant changes to this privacy statement, we will contact you and ask you to re-accept this statement. We will do this by email or by putting a notice on our websites.