BACKGROUND AND PURPOSE

The Reef Restoration and Adaptation Program is primarily funded under the Great Barrier Reef Foundation’s Reef Trust Partnership.  The Great Barrier Reef Foundation (GBRF, we, and our) respects your privacy and is committed to protecting sensitive and personal information in accordance with its obligations under the Privacy Act 1988 (Cth) (Privacy Act) including the Australian Privacy Principles (APPs).This privacy policy (Privacy Policy) sets out how we collect, use and disclose your personal information. GBRF may modify or update this Privacy Policy from time to time by publishing changes on the GBRF website and mobile application. We encourage you to check the link on our website and mobile application/periodically to ensure that you are aware of our current Privacy Policy.

2. COLLECTING YOUR PERSONAL INFORMATION

Types of personal information we collect We may collect the following types of personal information:

• name;
• mailing or street address;
• email address;
• telephone number and other contact details;
• age or date of birth;
• gender;
• credit or debit card information;
• details of your donation to us;
• volunteer history;
• any additional information relating to you that you provide to us directly through our website or mobile applications or through other websites or accounts from which you permit us to collect information;
• information you provide to us through surveys or feedback forms; or
• any other personal information that may be required in order to facilitate your dealing with us.

How we collect personal information 

We collect personal information either directly from you, or from publicly available sources or from a third party (for example a contractor or service provider). Where personal information is not collected directly from you, the GBRF will take reasonable steps to notify you of the collection or otherwise make you aware of it. If you choose not to provide certain personal information to us, we may not be able to provide you with the services or information you require or communicate with you.

We may collect your personal information when you:

• register on our website;
• access our mobile application/s;
• volunteer with us;
• donate to us;
• communicate with us through correspondence, chats, email, surveys, or when you share information with us from other social applications, services or websites; or
• interact with our sites, services, content and advertising. 

Additionally, when you apply for a job with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employer and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

Why we collect, use and disclose personal information

We may collect, hold, use and disclose your personal information for the following purposes: 

• to communicate with you as a member, volunteer, donor or supporter. This is so that we can encourage, facilitate and acknowledge your support and keep you informed of our activities, initiatives and programs;
• to provide you with access to our website and / or mobile application/s;
• to assist you with your queries, for example, when you make an enquiry using the website or mobile application, or when you subscribe to or unsubscribe from our distribution lists; 
• to send you service, support and / or administrative messages, reminders and technical notices, updates, security alerts, and information requested by you;
• to send you marketing or promotional messages and other information that may be of interest to you, including sent by, or on behalf of, our business partners that we think you may find interesting; 
• to report to funding bodies or government agencies, and to comply with our legal obligations; 
• for analytics activities and research, including developing anonymised insights so that we can better understand your preferences and interests and enhance your experience with the GBRF; and 
• to consider your application/s for a role with the GBRF, including as an employee, contractor or volunteer.

Collecting sensitive information

Some personal information that we collect about you may also be considered sensitive information. Sensitive information includes personal information about a person’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices and criminal record. Sensitive information also includes genetic information, health information, biometric information that it is used for identification or biometric templates. The GBRF will not collect your sensitive information unless:

• the information relates to the GBRF’s activities and is connected to our engagement with you as a member, volunteer, donor, employee or contractor; 
• we are authorised or required by law to do so; or
• you have consented to us collecting that information from you for a particular purpose.

Using your personal information for direct marketing

[We and / or our carefully selected business partners may send you direct marketing communications and information about our services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g.an unsubscribe link).]

3. DISCLOSING YOUR PERSONAL INFORMATION

For the purposes we have described in this Privacy Policy, we may disclose your personal information:

• to any of our partners or related bodies corporate; 
• to our third-party suppliers, including contractors and service providers for the purposes of operation of our website or mobile application/s or our functions as a not-for-profit organisation;
• professional advisers, dealers and agents or other individuals / organisations who collaborate with us;
• to payment systems operators (e.g. merchants receiving card payments);
• to anyone to whom our assets or business (or any part of it) is transferred or sold (or offered to be transferred or sold); 
• where you have otherwise consented; and / or
• to other persons, including government agencies, regulatory bodies as required or authorised by law. 

If there is a need to disclose personal information for any other purpose not detailed in this policy, GBRF will only do so with your consent. GBRF does not sell personal information to third parties, and except as provided for in this policy does not make personal information available to third parties.

Disclosure of personal information outside of Australia 

We may disclose your personal information outside of Australia to software vendors and other service providers (for example cloud storage service providers) that are located in Asia Pacific and America. We will, however, take reasonable steps to ensure that any overseas recipient will deal with your personal information in a way that is consistent with the APPs. 

4. SECURITY 

We may hold your personal information in either electronic or hard copy form. We take all reasonable steps to protect any personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. We use a variety of physical and electronic security measures, including restricting physical access to our offices, and firewalls and anti-virus software to seek to protect your personal information. However, as our website and mobile application/s are linked to the internet, and the internet is vulnerable to penetration by nefarious actions, we cannot guarantee the security of the personal information you provide to us online.

5. USING OUR WEBSITE 

We may collect personal information about you when you use and access our website or mobile application. 

When you visit the GBRF website or access the mobile application/s, or download information from it, we may keep a record of your visit including your internet address, your domain name (if applicable), and the date and time of your visit to our website. Our ISP also collects information such as the pages our users access, the documents they download, links from other sites they follow to reach our site, and the type of browser they use. This information is anonymised and is used for statistical and website development purposes only.

We may also use ‘cookies’ or other similar tracking technologies on our website, mobile application/s or digital channels that help us track your usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our website or mobile application/s may not work as intended for you if you do so.

6. LINKS 

Our website or mobile application/s may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

7. ACCESSING OR CORRECTING YOUR PERSONAL INFORMATION

You have a right to access and seek correction of personal information we hold about you at any time by contacting us in writing (using the contact details below). There are some circumstances where we are permitted to deny access to personal information such as (but not limited to) where the access would have an unreasonable impact on the privacy of others or where granting access is unlawful or denying access is required or authorised by law. If we deny you access, we will provide you with our reasons for refusal. The GBRF is allowed to impose reasonable charges for providing access.If you think any information we hold about you is incomplete, inaccurate or out of date, or if you have any concerns about the handling of your personal information, please contact our Privacy Compliance Officer as per the details below and we will take reasonable steps to correct that information.

8. MAKING A COMPLAINT

If you wish to make a complaint about the manner in which we have collected, handled, used or disclosed your personal information (including if you think we have breached the Privacy Act and the Australian Privacy Principles), please contact our Privacy Compliance Officer in writing as follows:

Privacy Compliance Officer
Great Barrier Reef Foundation
GPO Box 1362
Brisbane QLD 4001

or

info@barrierreef.org

Please include your name, email address and / or telephone number and clearly describe your complaint. We will investigate the complaint and respond to you promptly. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner.

9. AUTHORISATION

Approved by Managing Director, Anna Marsden.

Endorsed by Audit, Risk and Finance Committee.

Endorsed by Board.