Crusaders respects your privacy and is committed to complying with the Australian Privacy Principles outlined in the Privacy Act 1988 and Privacy Amendment (Notifiable Data Breaches) Act 2017.
What type of personal and sensitive information does Crusaders collect?
Crusaders only collects personal and sensitive information that is necessary to carry out the organisation’s functions and activities. This information is collected by lawful and fair means. Where practicable, individuals may choose to interact with Crusaders anonymously or using a pseudonym, however, if personal information is not provided, Crusaders may not be able to process camp bookings, donations or satisfy duty of care requirements.
Information collected by Crusaders relates to:
· Campers and school children, parents and/or guardians before, during and after their immediate involvement with Crusaders
· Guests who use Crusaders’ campsites or services
· Representatives of groups and organisations who potentially might use Crusaders’ campsites, or other programs or services
· Job applicants, staff members, volunteers, participants in training courses and contractors
· People who donate to Crusaders and
· Other people who come into contact with Crusaders.
Crusaders generally collects the following kinds of personal information:
· Postal and email addresses and social media accounts
· Phone and fax numbers
· Date of birth
· Marital status
· Education and training
· Details about next of kin
· Occupation and employment history
· History of involvement in Crusader activities
· Financial details (bank and credit card numbers) and donor history
· Photographic images, video clips and sound recordings.
Crusaders generally collects the following kinds of sensitive information:
· Religious beliefs
· Criminal record (for child protection purposes)
· Health information (for duty of care purposes).
· Working With Children Check numbers, as well as information used to verify such checks
· Access rights for children, including information about individuals who have restricted access
· Particular care information and needs for OOHC children
How is personal data collected?
Information is usually collected directly from the individual by way of telephone calls, online forms, hard copy forms, face-to-face meetings, interviews, surveys and use of Crusaders websites and emails (www.crusaders.edu.au and www.crucamps.com.au). Crusaders will inform individuals about the purposes of collecting this information at the time of collection and will take reasonable steps to obtain express consent for collecting and using sensitive information.
Crusaders will collect personal and sensitive information about minors from their parents or guardians and treat consent given by parents as consent given on behalf of the child. Notice given to parents will act as notice given to the child.
From time to time, where it is impractical for information to be collected directly from the individuals concerned, Crusaders may also collect information about individuals or organisations from social media, a purchased list or online directory. Crusaders may also receive information from supporters about other contacts who may be interested in supporting Crusaders.
Use of personal and sensitive information
Crusaders uses personal data to:
· Process camp bookings and donations
· Keep parents and children informed about matters related to camps, school CRU Groups and events and the general work of the organisation
· Seek donations and market Crusaders as an organisation
· Satisfy Crusaders’ legal obligations and duty of care
· Understand the needs and preferences of Crusaders’ customers and supporters through conducting surveys
· Process information for the smooth running of training courses, and
· Promote Crusaders’ products and services through direct mail, email, at events, on the organisation’s website and through social media and publications.
Crusaders may use personal data for its marketing purposes to notify clients of special events, new resources or services, or other information that may be of interest. Individuals will be informed that their personal data may be used in this way when their information is collected. Where it is impractical to seek the individual’s consent before that particular use, marketing material may still be sent where individuals may reasonably expect to receive such material (e.g. after an individual has used one of Crusaders’ services).
All Crusaders’ marketing mailings feature an ‘opt-out’ clause. If individuals choose to ‘opt-out’ Crusaders will not contact them again for that particular purpose. Individuals can opt-out by clicking the ‘unsubscribe’ button in emails, returning the material and marking the opt-out option, or by contacting the Privacy Officer on 02 9874 8933 or emailing firstname.lastname@example.org. Please note that this request may take a few weeks to come into effect.
On rare occasions Crusaders may purchase lists of potential supporters and customers and send them information about Crusaders and the organisation’s work and services. In this case, individuals will be notified of how their information was collected and will be provided with an opportunity to ‘opt out’ of any further contact with Crusaders.
Website security and Privacy
The Crusader Union of Australia respects and protects the privacy of all users of Crusaders’ websites: www.crusaders.edu.au and www.crucamps.com.au. Crusaders reserves the right to collect personally identifying information from users during:
· online applications
· messages posted to blogs
· online purchasing, camp registrations or donations
· online surveys.
Generally the information collected includes: name; e-mail address; address; phone number; social media accounts; postal address; health information for campers; payment information; and answers to questions (surveys or otherwise). This information is used for the functioning of Crusaders’ programs and services and for marketing purposes, which help Crusaders to improve websites and products, reach new customers and generate support.
Crusaders does not store credit card details or information needed to verify online transactions. These are collected and processed by a secure payment gateway called Web Active Corporation Pty Ltd trading as “eWAY”. Their privacy statement can be viewed at http://www.eway.com.au/company/legal. All pages on Crusaders’ websites related to financial transactions are protected by Secure Sockets Layer (SSL) encryption.
Crusaders employs a marketing automation platform to track the patterns of behaviour of visitors to its websites. This information includes using "cookies" which are stored on an individual user’s internet browser. Individuals may choose to opt out of having cookies stored on their browser by setting "No Tracking" options in their Internet browser. Crusaders respects "No Tracking" options if selected.
The Crusader website may contain links to third party websites. Crusaders is not responsible for the privacy practices of these sites.
Storage and protection of personal data
Crusaders employs a cloud-based database system to catalogue and store personal details. This information is stored securely with password protection, robust network security and encryption in transmission. Only those staff and volunteers who require access to this information to complete their duties are supplied with a password and users only have access to the sections of the database relevant for their work.
Crusaders will take reasonable steps to protect the personal data it holds from misuse and loss and from unauthorised access, modification or disclosure. This includes physical security, computer and network security and personnel security.
Crusaders will take reasonable steps to destroy or permanently de-identify personal data if it is no longer reasonably necessary for one of Crusaders’ functions. Crusaders will continue to hold relevant information to resolve possible future complaints. In instances where information is archived, Crusaders will take reasonable steps to ensure the security of this information.
Disclosure of personal information
Crusaders does not engage in the selling, renting or exchanging of our clients’ and supporters’ personal information.
Crusaders only discloses Personal and Sensitive Information:
· To staff and volunteers to facilitate the smooth running of camps (i.e. directors, leaders and first aid staff)
· To medical practitioners, in the case of a client requiring medical attention
· To contractors providing services to a camp (e.g. Surf coaches are provided with information on how far each child can swim)
· To organisations, individuals and/or volunteers that assist in Crusaders’ fundraising and marketing activities, including database and mailhouse services
· When required by law or for governmental reporting
· To anyone the individual themselves authorises Crusaders to disclose information to.
Crusaders may pass on names and basic contact details of individuals (phone number and email address) to local churches. This disclosure would be for the purpose of allowing churches to care for the spiritual welfare of individuals. This information will only be disclosed if the individual gives consent to the disclosure. This consent will only be valid consent if the individual is adequately informed before giving consent, gives consent voluntarily and specifically, if the consent is current, and if the individual has the capacity to understand and communicate their consent. Taking advice from the Australian Privacy Principles guidelines, Crusaders assumes that camps or events which include senior high school years would have individuals who would be able to give consent to this disclosure.
Disclosure of information overseas
Crusaders employs a cloud-based database system. As a result, personal information may be transferred to, and stored at, a destination outside Australia, including but not limited to Japan, the United States of America, Chile, Taiwan, Singapore, Finland, Belgium and Ireland. Crusaders takes all reasonable steps to ensure that third parties comply with the Australian Privacy Principles or similar laws and that the privacy of individuals is protected.
Job applicants, staff, volunteers, contractors and others
Crusaders’ primary purpose for collecting personal information from job applicants, staff members, volunteers and contractors is to assess and (if successful) engage the applicant, staff member, volunteer or contractor.
The purposes for which this information is used include:
· administering the individual’s employment or contract
· insurance purposes
· seeking funds and marketing for Crusaders and
· satisfying Crusaders’ legal obligations such as child protection legislation.
Access and correction rights
Individuals can request access to their personal data held by Crusaders by contacting the Privacy Officer. Crusaders will require each person to verify their identity in order to access information.
Crusaders may choose not to provide individuals with access to personal information if:
· Providing access would have an unreasonable impact on the privacy of other individuals
· The request for access is frivolous or vexatious
· The information relates to anticipated or existing legal proceedings and would not be discoverable in those proceedings
· Providing access would be likely to prejudice an investigation of possible unlawful activity.
If an individual believes that any personal information Crusaders holds is incorrect, incomplete, not up-to-date, or no longer relevant, they can request that the information is corrected and Crusaders will do so in a reasonably timely manner.
If a Data Breach occurs
The Crusader Union of Australia is an organisation that is required to report any known or suspected breaches of our data to the Privacy Commissioner, those affected, and the OAIC (Office of the Australian Information Commissioner). Crusaders’ Data Breach Response Plan outlines how Crusaders will respond in the event of a data breach.
If anyone believes that Crusaders may have breached their privacy rights, or is concerned about Crusaders’ information handling practices, please contact the Privacy Officer. The matter will be promptly investigated and where appropriate, steps taken to remedy any concerns. If you are dissatisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (www.oaic.gov.au).
Crusaders’ Privacy Officer:
Ph: (02) 9874 8933 (option 5) Fax: (02) 9874 0218 Email: email@example.com
Mailing Address: PO Box 590, Eastwood NSW 2122 Australia
If you would like a printed copy of this document, please contact Crusaders’ Privacy Officer.