Privacy Policy
Privacy is extremely important to Disaster Recovery Army Incorporated (DRA) and we are committed to always handling personal information and data in a safe and secure manner and ensuring the privacy of any personal information you provide to us. Consistent with our obligation to maintain and manage personal information openly and transparently, this policy explains how we manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Personal information is information or an opinion about an individual, which identifies them or from which their identity is reasonably identifiable.
Policy
What type of personal information do we collect?
We collect personal information from DRA Members, donors, potential donors, event participants, community supporters, spontaneous and corporate volunteers and people that sign up to receive DRA communications. The type of personal information that DRA collects and holds will depend on the nature of involvement with our organisation. Depending on the reason for collecting personal information, the personal information collected by DRA may include personal or sensitive information as defined in the Privacy Act 1988 [Cth].
The personal or sensitive information we collect may include:
• an individual’s name, signature, address, phone number, date of birth and / or email address
• Health information, such as medical conditions and other information that may affect your ability to perform a role or to deploy. • employee information
• Service / employment / volunteer history
• Photographs relating to DRA events and activities
• internet protocol (IP) addresses of technology that accesses our website
• location information from a mobile device.
Whilst an individual is not required to provide personal and/or sensitive information requested by DRA, if you do not provide the information DRA reasonably requests, we may not be able to provide you with certain services or allow you to participate in DRA activities. For instance, an individual may choose to donate or receive general information or communications anonymously or under a pseudonym: however, DRA is required to collect and store a minimum level of information to issue a receipt. Similarly, a DRA Member may agree to the provision of name, address, email, and phone number, but may not agree to use a personal mobile device for location tracking or use of other communication tools. This may impact on a DRA members ability to deploy on certain operations. Our ability to provide services will be assessed on a case-by-case basis. Location information is used to ensure the health, safety and welfare of members whilst engaged in DRA activities. In circumstances where DRA receives unsolicited personal information (meaning, personal information that has been received where DRA has taken no active steps to collect the information), DRA will destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so unless the unsolicited personal information is reasonably necessary for, or directly related to, DRA’s functions or activities.
How do we collect personal information?
DRA staff, volunteers or contractors may collect personal information from individuals from time to time via various means including (but not limited to):
• Membership database
• Expressions of Interest for DRA activities
• Device tracking
• Vehicle tracking
• DRA Internet Member Portal
• DRA Merchandise online shop
• DRA Microsoft Office login
• DRA social media
We will wherever practicable, collect personal information directly from the owner of the personal information, including via phone, face to face, our website, email, SMS, electronic and hard copy forms, social media and third-party online portals. On occasion, DRA may collect personal information from a third party such as sector relevant coalitions. If we collect personal information about you from a third party we will, where appropriate, request the third party inform you that we are holding your information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information. DRA will generally obtain consent from the owner of personal information to collect their personal information. Consent may be provided in writing, orally or may be implied through a person’s engagement with DRA. We will endeavour to only ask for personal information if it is reasonably necessary for the activities that an individual is seeking to be involved in. Location information is collected using on-board devices in vehicles, DRA mobile phones and other devices, and in some circumstances, personal devices.
How does DRA use personal information?
DRA may collect, hold, use, or disclose personal information for the following general purposes:
• To offer and provide DRA services, including its website
• To identify an individual
• For the purpose for which the personal information was originally collected
• To help ensure the health, safety and welfare of members engaged in DRA activities
• For a purpose for which an individual has consented
• For any other purpose where the information is used in aggregated form
• For any other purpose authorized or required by an Australian law
• For any other purpose authorized or required by a court or tribunal
• For research purposes (de-identified)
For the purpose of furthering DRA’s mission, information collected is used for DRA’s fundraising, aid, relief and development, advocacy, education, and related activities. This includes (but is not limited to) processing donations, issuing receipts and other DRA material, contact management for DRA staff and representatives, and analysis to personalize and improve DRA’s supporter engagement. DRA may publish images of DRA Members, supporters, staff, contractors, and other volunteers in publications, on social media, or in public advertisements, after obtaining informed consent. If an individual has any concerns about their personal information being used by DRA in any of these ways, they must notify DRA at admin@disaster.org.au .
Disclosure
DRA will not pass information on to third parties except in the following circumstances:
• where required by law or other regulation
• information is given to financial institutions/intermediaries for normal bank processing in which case there is a contractual expectation of confidentiality
• information is given to communication service providers for bulk processing in which case there is a contractual expectation of confidentiality
• the Australian Taxation Office or other government authority or Australian law or court requires or authorizes the disclosure of information
• an individual has consented to DRA disclosing their personal information to a third party
• other parties including agents and contractors have agreed to keep information secure and confidential in line with the Australian Privacy Principles (APPs)
When disclosing personal information to a third party, DRA will take reasonable steps to ensure that the third party does not breach the APPs in relation to the information. All personal information is held in Australia. As at the date of this Privacy Policy, we are not likely to disclose personal information to overseas recipients. If in future we do propose to disclose personal information overseas, we will do so in compliance with the requirements of the Privacy Act (1988) Cth. Specifically, DRA will only disclose your personal information to a recipient overseas in certain circumstances and in accordance with the APPs where:
• The individual has consented to the disclosure; or
• DRA reasonably believes that the overseas recipient is subject to a law or binding scheme that protects the information in a way that is substantially similar to the way the information is protected under the Privacy Act and the APPs; or
• The disclosure is required or authorized by an Australian law or a court order.
If you do not want us to disclose your information to overseas recipients, please let us know. From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information does not always involve a disclosure of personal information overseas or to that overseas provider.
Direct Marketing
From time-to-time DRA may send supporters updates and information consistent with its mission and future development. Supporters are provided with the option to unsubscribe from communication and may contact DRA if they do not wish to receive such information.
How does DRA store personal information?
DRA ensures all reasonable steps are taken to protect the personal information it holds from misuse and loss and from unauthorized access, modification, or disclosure. Supporter personally identifiable information is kept secure - through securely storing paper records, and electronic records through the use of firewalls, password-restricted access to computerised records, routine security risk assessments, and internal policies in relation to access to personal information. Physical, electronic and managerial procedures have been put in place to safeguard the security and integrity of your personal information. Whilst we take reasonable steps to maintain the security of your personal information transmitted via the internet, unfortunately, no data transmission over the internet can be guaranteed to be completely secure. Although we strive to protect such information, we do not warrant the security of any information transmitted over the internet and you do so at your own risk.
Cookies
A cookie is a small text file stored in your computer’s memory or on your hard disk for a pre-defined period of time. We may use cookies to identify specific machines in order to collect aggregate information on how visitors are experiencing our website. While cookies allow a computer to be identified, they do not permit any reference to a specific individual. For information on cookie settings of your internet browser, please refer to your browser’s manual. You can block cookies on your specific machine, but this may inhibit your ability to access the website.
Keeping details accurate and up to date
DRA is committed to holding accurate and up-to-date personal information. Individuals are encouraged to contact DRA at any time to update their personal information. This can be done by contacting the Membership team at DRA. DRA will destroy or de-identify any personal information which is no longer required by the organisation for any purpose for which the organisation may use or disclose it unless DRA is required by law or under an Australian law or court order to retain it.
How individuals can access their personal information
If an individual wants to access a copy of their personal information that DRA holds, in order to seek correction of such information they may do so by contacting DRA. In accordance with the Privacy Act, DRA may refuse access to personal information in a number of circumstances including where giving access to the information would pose a serious threat to the life, health or safety of a person, the information relates to existing or anticipated legal proceedings and would not be available under the discovery process, or denying access is required or authorised by an Australian law or court order. DRA will handle all requests for access to personal information as quickly as possible.
Data Breach
We will notify you and the Office of the Australian Information Commissioner in circumstances where there has been an eligible data breach as defined in the Privacy Act. This is when:
a) We suspect that a data breach relating to your personal information has occurred; and
b) There is real risk of serious harm to you as a result of the breach; and
c) We cannot take remedial steps to reduce the risk of serious harm.
Changes
We reserve the right to change the terms of this Privacy Policy from time to time, without notice to you. An up-to-date copy of our Privacy Policy is available on our website, and we encourage you to check our website periodically to make sure you are aware of our current Privacy Policy. The last update to this document was March 2024.
How to contact DRA
If an individual has any questions, comments or complaints about DRA’s Privacy Policy or handling of information please contact DRA on +61 (0)422 953 900 between 9am and 5pm (AEST or AEDST) Monday to Friday.
Alternatively, they can send an email to admin@disaster.org.au or write to Disaster Relief Australia, PO Box 4223, Ringwood, VIC 3134, Australia.
DRA takes all feedback seriously and any feedback on DRA’s privacy principles or handling of personal information will be investigated and assessed by the National Human Resources Coordinator. The feedback provided will be delivered within a reasonable time from the initial receipt.
Further information about individual privacy rights and privacy law can be obtained from the Office of the Australian Information Commissioner by:
• Calling: Privacy Hotline on 1300 363 992
• Visiting: website at http://www.oaic.gov.au
• Writing: The Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042, Australia
Related References
• Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).
• Privacy Act 1988 (Cth) and subsequent Amendments
• DRA Fundraising Policy
• Workplace Surveillance Act 2005 No 47 - [NSW]
• Workplace Privacy Act 2011 [ACT]
• SURVEILLANCE DEVICES ACT 1998 [WA]
• SURVEILLANCE DEVICES ACT 1999 [VIC]
• SURVEILLANCE DEVICES ACT 2016 [SA]
• SURVEILLANCE DEVICES ACT 2007 [NT]
i Personal information means: Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) Whether the information or opinion is true or not
b) Whether the information or opinion is recorded in a material form or not
Sensitive information means: Sensitive information is a special category of personal information.
a) Information or an opinion about an individual’s
• racial or ethnic origin
• political opinions
• membership of a political association
• religious beliefs or affiliations
• philosophical beliefs
• membership of a professional or trade association
• membership of a trade union
• sexual orientation or practices
• criminal record, that is also personal information
b) Health information about an individual
c) Genetic information about an individual that is not otherwise health information
d) Biometric information that is to be used for the purpose of automated biometric verification or biometric templates