Privacy Policy
Purpose & Scope
Privacy is extremely important to Disaster Recovery Army Incorporated (DISASTER RECOVERY ARMY) and we are committed to always handling personal information and data in a safe and secure manner and ensuring the privacy of any personal information you provide to us. Consistent with our obligation to maintain and manage personal information openly and transparently, this policy explains how we manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Personal information is information or an opinion about an individual, which identifies them or from which their identity is reasonably identifiable.
Policy
What type of personal information do we collect?
We collect personal information from DISASTER RECOVERY ARMY Members, donors, potential donors, event participants, community supporters, spontaneous and corporate volunteers and people that sign up to receive DISASTER RECOVERY ARMY communications. The type of personal information that DISASTER RECOVERY ARMY collects and holds will depend on the nature of involvement with our organisation. Depending on the reason for collecting personal information, the personal information collected by DISASTER RECOVERY ARMY may include personal or sensitive information as defined in the Privacy Act 1988 [Cth].
The personal or sensitive information we collect may include:
• an individual’s name, signature, address, phone number, date of birth and / or email address
• Health information, such as medical conditions and other information that may affect your ability to perform a role or to deploy.
• employee information
• Service / employment / volunteer history
• Photographs relating to DISASTER RECOVERY ARMY events and activities
• internet protocol (IP) addresses of technology that accesses our website
• location information from a mobile device.
Whilst an individual is not required to provide personal and/or sensitive information requested by DISASTER RECOVERY ARMY, if you do not provide the information DISASTER RECOVERY ARMY reasonably requests, we may not be able to provide you with certain services or allow you to participate in DISASTER RECOVERY ARMY activities. For instance, an individual may choose to donate or receive general information or communications anonymously or under a pseudonym: however, DISASTER RECOVERY ARMY is required to collect and store a minimum level of information to issue a receipt. Similarly, a DISASTER RECOVERY ARMY Member may agree to the provision of name, address, email, and phone number, but may not agree to use a personal mobile device for location tracking or use of other communication tools. This may impact on a DISASTER RECOVERY ARMY members ability to deploy on certain operations. Our ability to provide services will be assessed on a case-by-case basis. Location information is used to ensure the health, safety and welfare of members whilst engaged in DISASTER RECOVERY ARMY activities. In circumstances where DISASTER RECOVERY ARMY receives unsolicited personal information (meaning, personal information that has been received where DISASTER RECOVERY ARMY has taken no active steps to collect the information), DISASTER RECOVERY ARMY will destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so unless the unsolicited personal information is reasonably necessary for, or directly related to, DISASTER RECOVERY ARMY’s functions or activities.
How do we collect personal information?
DISASTER RECOVERY ARMY staff, volunteers or contractors may collect personal information from individuals from time to time via various means including (but not limited to):
• Membership database
• Expressions of Interest for DISASTER RECOVERY ARMY activities
• Device tracking
• Vehicle tracking
• DISASTER RECOVERY ARMY Internet Member Portal
• DISASTER RECOVERY ARMY Merchandise online shop
• DISASTER RECOVERY ARMY Microsoft Office login
• DISASTER RECOVERY ARMY social media
We will wherever practicable, collect personal information directly from the owner of the personal information, including via phone, face to face, our website, email, SMS, electronic and hard copy forms, social media and third-party online portals. On occasion, DISASTER RECOVERY ARMY may collect personal information from a third party such as sector relevant coalitions. If we collect personal information about you from a third party we will, where appropriate, request the third party inform you that we are holding your information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information. DISASTER RECOVERY ARMY will generally obtain consent from the owner of personal information to collect their personal information. Consent may be provided in writing, orally or may be implied through a person’s engagement with DISASTER RECOVERY ARMY. We will endeavour to only ask for personal information if it is reasonably necessary for the activities that an individual is seeking to be involved in. Location information is collected using on-board devices in vehicles, DISASTER RECOVERY ARMY mobile phones and other devices, and in some circumstances, personal devices.
How does DISASTER RECOVERY ARMY use personal information?
DISASTER RECOVERY ARMY may collect, hold, use, or disclose personal information for the following general purposes:
• To offer and provide DISASTER RECOVERY ARMY services, including its website
• To identify an individual
• For the purpose for which the personal information was originally collected
• To help ensure the health, safety and welfare of members engaged in DISASTER RECOVERY ARMY activities
• For a purpose for which an individual has consented
• For any other purpose where the information is used in aggregated form
• For any other purpose authorized or required by an Australian law
• For any other purpose authorised or required by a court or tribunal
• For research purposes (de-identified)
For the purpose of furthering DISASTER RECOVERY ARMY’s mission, information collected is used for DISASTER RECOVERY ARMY’s fundraising, aid, relief and development, advocacy, education, and related activities. This includes (but is not limited to) processing donations, issuing receipts and other DISASTER RECOVERY ARMY material, contact management for DISASTER RECOVERY ARMY staff and representatives, and analysis to personalize and improve DISASTER RECOVERY ARMY’s supporter engagement. DISASTER RECOVERY ARMY may publish images of DISASTER RECOVERY ARMY Members, supporters, staff, contractors, and other volunteers in publications, on social media, or in public advertisements, after obtaining informed consent. If an individual has any concerns about their personal information being used by DISASTER RECOVERY ARMY in any of these ways, they must notify DISASTER RECOVERY ARMY at admin@disaster.org.au .
Disclosure
DISASTER RECOVERY ARMY will not pass information on to third parties except in the following circumstances:
• where required by law or other regulation
• information is given to financial institutions/intermediaries for normal bank processing in which case there is a contractual expectation of confidentiality
• information is given to communication service providers for bulk processing in which case there is a contractual expectation of confidentiality
• the Australian Taxation Office or other government authority or Australian law or court requires or authorizes the disclosure of information
• an individual has consented to DISASTER RECOVERY ARMY disclosing their personal information to a third party
• other parties including agents and contractors have agreed to keep information secure and confidential in line with the Australian Privacy Principles (APPs)
When disclosing personal information to a third party, DISASTER RECOVERY ARMY will take reasonable steps to ensure that the third party does not breach the APPs in relation to the information. All personal information is held in Australia. As at the date of this Privacy Policy, we are not likely to disclose personal information to overseas recipients. If in future we do propose to disclose personal information overseas, we will do so in compliance with the requirements of the Privacy Act (1988) Cth. Specifically, DISASTER RECOVERY ARMY will only disclose your personal information to a recipient overseas in certain circumstances and in accordance with the APPs where:
• The individual has consented to the disclosure; or
• DISASTER RECOVERY ARMY reasonably believes that the overseas recipient is subject to a law or binding scheme that protects the information in a way that is substantially similar to the way the information is protected under the Privacy Act and the APPs; or
• The disclosure is required or authorized by an Australian law or a court order.
If you do not want us to disclose your information to overseas recipients, please let us know. From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information does not always involve a disclosure of personal information overseas or to that overseas provider.
Direct Marketing
From time-to-time DISASTER RECOVERY ARMY may send supporters updates and information consistent with its mission and future development. Supporters are provided with the option to unsubscribe from communication and may contact DISASTER RECOVERY ARMY if they do not wish to receive such information.
How does DISASTER RECOVERY ARMY store personal information?
DISASTER RECOVERY ARMY ensures all reasonable steps are taken to protect the personal information it holds from misuse and loss and from unauthorized access, modification, or disclosure. Supporter personally identifiable information is kept secure - through securely storing paper records, and electronic records through the use of firewalls, password-restricted access to computerised records, routine security risk assessments, and internal policies in relation to access to personal information. Physical, electronic and managerial procedures have been put in place to safeguard the security and integrity of your personal information. Whilst we take reasonable steps to maintain the security of your personal information transmitted via the internet, unfortunately, no data transmission over the internet can be guaranteed to be completely secure. Although we strive to protect such information, we do not warrant the security of any information transmitted over the internet and you do so at your own risk.
Cookies
A cookie is a small text file stored in your computer’s memory or on your hard disk for a pre-defined period of time. We may use cookies to identify specific machines in order to collect aggregate information on how visitors are experiencing our website. While cookies allow a computer to be identified, they do not permit any reference to a specific individual. For information on cookie settings of your internet browser, please refer to your browser’s manual. You can block cookies on your specific machine, but this may inhibit your ability to access the website.
Keeping details accurate and up to date
DISASTER RECOVERY ARMY is committed to holding accurate and up-to-date personal information. Individuals are encouraged to contact DISASTER RECOVERY ARMY at any time to update their personal information. This can be done by contacting the Membership team at DISASTER RECOVERY ARMY. DISASTER RECOVERY ARMY will destroy or de-identify any personal information which is no longer required by the organisation for any purpose for which the organisation may use or disclose it unless DISASTER RECOVERY ARMY is required by law or under an Australian law or court order to retain it.
How individuals can access their personal information
If an individual wants to access a copy of their personal information that DISASTER RECOVERY ARMY holds, in order to seek correction of such information they may do so by contacting DISASTER RECOVERY ARMY. In accordance with the Privacy Act, DISASTER RECOVERY ARMY may refuse access to personal information in a number of circumstances including where giving access to the information would pose a serious threat to the life, health or safety of a person, the information relates to existing or anticipated legal proceedings and would not be available under the discovery process, or denying access is required or authorised by an Australian law or court order. DISASTER RECOVERY ARMY will handle all requests for access to personal information as quickly as possible.
Data Breach
We will notify you and the Office of the Australian Information Commissioner in circumstances where there has been an eligible data breach as defined in the Privacy Act. This is when:
a) We suspect that a data breach relating to your personal information has occurred; and
b) There is real risk of serious harm to you as a result of the breach; and
c) We cannot take remedial steps to reduce the risk of serious harm.
Changes
We reserve the right to change the terms of this Privacy Policy from time to time, without notice to you. An up-to-date copy of our Privacy Policy is available on our website, and we encourage you to check our website periodically to make sure you are aware of our current Privacy Policy. The last update to this document was November 2024.
How to contact DISASTER RECOVERY ARMY
If an individual has any questions, comments or complaints about DISASTER RECOVERY ARMY’s Privacy Policy or handling of information please contact DISASTER RECOVERY ARMY on +61 (0)422 953 900 between 9am and 5pm (AEST or AEDST) Monday to Friday.
Alternatively, they can send an email to admin@disaster.org.au or write to Disaster Relief Australia, PO Box 220 Strathdale VIC 3550, Australia.
DISASTER RECOVERY ARMY takes all feedback seriously and any feedback on DISASTER RECOVERY ARMY’s privacy principles or handling of personal information will be investigated and assessed by the National Human Resources Coordinator. The feedback provided will be delivered within a reasonable time from the initial receipt.
Further information about individual privacy rights and privacy law can be obtained from the Office of the Australian Information Commissioner by:
• Calling: Privacy Hotline on 1300 363 992
• Visiting: website at http://www.oaic.gov.au
• Writing: The Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042, Australia
Related References
• Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).
• Privacy Act 1988 (Cth) and subsequent Amendments
• DISASTER RECOVERY ARMY Fundraising Policy
• SURVEILLANCE DEVICES ACT 1999 [VIC]
Personal information means: Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) Whether the information or opinion is true or not
b) Whether the information or opinion is recorded in a material form or not
Sensitive information means:
Sensitive information is a special category of personal information.
a) Information or an opinion about an individual’s
• racial or ethnic origin
• political opinions
• membership of a political association
• religious beliefs or affiliations
• philosophical beliefs
• membership of a professional or trade association
• membership of a trade union
• sexual orientation or practices
• criminal record, that is also personal information
b) Health information about an individual
c) Genetic information about an individual that is not otherwise health information
d) Biometric information that is to be used for the purpose of automated biometric verification or biometric templates