Privacy Policy

Purpose

The NSW Council of Social Service is committed to protecting and upholding the right to privacy of individuals we deal with including NCOSS Directors and employees; volunteers, student placements, and members of NCOSS special advisory groups; members and employees of member organisation; representatives of stakeholder organisation; and individuals who visit our website and use our services.

This Privacy Policy explains how NCOSS manages the personal information it collects in compliance with its privacy obligations. This policy applies to all records, whether hard copy or electronic, containing personal information about individuals, including interviews or discussions of a sensitive nature.

Legal requirements

NCOSS is required to comply with the Privacy Act 1988 (Cth) (Privacy Act) and, as a condition of funding contracts with the NSW Government, the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). To the extent that NCOSS handles health information, NCOSS is also required to comply
with the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act).

The Privacy Act requires NCOSS to comply with the 13 Australian Privacy Principles (APPs) and to prepare a Privacy Policy detailing how it will deal with personal information and comply with the APPs. The PPIP Act requires NCOSS to follow 12 Information Protection Principles (IPPs) and have a Privacy
Management Plan in place detailing how it will manage personal information and comply with the IPPs. To the extent that NCOSS collects health information, the HRIP Act requires NCOSS to follow 15 Health Privacy Principles (HPPs). This policy focusses on the requirements under the Privacy Act but
also touches on requirements under the PPIP Act and the HRIP Act. If there is any conflict or inconsistency between any of NCOSS’ privacy obligations under the Privacy Act, the PIPP Act or the HRIP Act, NCOSS must comply with the Privacy Act to the extent of such conflict or inconsistency.
NCOSS will otherwise comply with the more onerous requirement.

What is personal information?

Personal information is information or an opinion (including part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.

NCOSS may collect the following types of personal information:

  • name;
  • address;
  • email;
  • fax;
  • telephone;
  • profession/occupation/job title;
  • details of any product or service provided and additional information
    necessary to deliver that product and service and to respond to
    enquiries;
  • additional information that is provided directly through use of the
    NCOSS website or online presence, through NCOSS representatives or
    otherwise;
  • information provided by Members, through our service centre,
    surveys or visits by NCOSS representatives from time to time; and
  • employee information i.e. to process payroll, report to the ATO and
    pay superannuation contributions.
    NCOSS may also collect information that is not classified as personal
    information because it does not identify individuals. For example, NCOSS
    may collect anonymous answers to surveys or aggregated information
    about how the NCOSS website is used.
  1. What is health information?
    Health information is any personal information about an individual’s health
    or disability. It includes information or opinion about an individual’s illness,
    injury or disability, an individual’s expressed wishes about the future
    provision of health services to them, a health service provided, or to be
    provided. It also includes other personal information collected to provide,
    or in providing, a health service to an individual.
    Types of health information NCOSS collects
    While NCOSS does not routinely collect health information, in some
    circumstances we may collect health information such as:
  • Details of an individual’s disability or injury so that NCOSS can
    accommodate them at an event
  • Information about a disability, injury or illness, or a health service an
    individual has received for the purpose of undertaking case studies
    (though usually this information would be de-identified0.
  1. How personal information is collected
    Direct Collection
    NCOSS collects personal information directly from individuals. When
    collecting personal information NCOSS may collect in a number of ways,
    including:
  • Through an individual’s use of the NCOSS website
  • During conversations between an individual and NCOSS
  • When an individual completes an application or purchase order for
    NCOSS products or services.
    Indirect Collection
    NCOSS may also collect personal information about individuals indirectly,
    including:
  • Where an individual has authorised collection of the information from a
    third party
  • Where a person is under 16 years of age, information may be collected
    from a parent or guardian.
  • From government entities.
    NCOSS will take reasonable steps to ensure that:
  • Personal information collected about an individual is not unreasonably
    intrusive or excessive, is relevant, accurate, up-to-date and complete
  • Where required by law, individuals are made aware that NCOSS has
    collected their personal information and that it will be used in
    accordance with this policy.
    Reasonable steps in any particular circumstance will depend on a range of
    factors, including the purpose of collection, the sensitivity of the information,
    and the importance of accuracy in any given circumstance.
  1. Cookies
    NCOSS may collect personal information through the use of cookies. When
    the website is accessed NCOSS may send a “cookie” (a small summary file
    containing a unique ID number) to the user’s computer. This enables NCOSS
    to measure traffic patterns, to determine which areas of our website have
    been visited and to measure transaction patterns in the aggregate. NCOSS
    uses this to research users’ habits to improve NCOSS online products and
    services. These cookies do not collect personal information. Users who do not
    wish to receive cookies can set their browser to not accept them.
    NCOSS may also log IP addresses (that is, the electronic addresses of
    computers connected to the internet) to analyse trends, administer the
    website, track users’ movements, and gather broad demographic
    information.
  2. Dealing with personal information
    In dealing with personal information, NCOSS will:
  • Only collect personal information if it is for a lawful purpose that is
    related to one of our functions, and where it is reasonably necessary for
    us to have the information
  • Ensure that people know what sort of personal information is held, the
    purposes it is held, how it is collected, used, disclosed and who will have
    access to it
  • Take reasonable steps to protect all personal information from misuse,
    loss and unauthorised access, modification or disclosure
  • Ensure personal information is not shared, sold, rented or disclosed other
    than as described in this policy or permitted by law.
  1. Purposes for which personal information may be collected, held, used
    and disclosed
    NCOSS uses personal information as permitted by law, including for the
    primary purpose for which it was collected, a related secondary purpose, or
    otherwise with the consent of the individual. NCOSS may collect, hold, use and
    disclose personal information for purposes including the following:
  • to provide products and services;
  • to answer enquiries and provide information or advice about
    existing and new products or services;
  • to provide individuals with access to protected areas of the
    NCOSS website;
  • to assess the performance of the website and to improve its
    operation;
  • to conduct business processing functions;
  • for the administrative, marketing (including direct marketing),
    planning, product or service development, quality control and
    research purposes of NCOSS, its related contractors or service
    providers;
  • to provide updated information to NCOSS contractors or service
    providers;
  • to update NCOSS records and keep contact details up to date;
  • to process and respond to complaints; and
  • to comply with any law, rule, regulation, lawful and binding
    determination, decision or direction of a regulator, or in cooperation with any governmental agency.
  1. Who might NCOSS disclose personal information to?
    NCOSS may disclose personal information as permitted by law, including to:
  • NCOSS employees, contractors or service providers for the
    purposes of operation of the NCOSS website or business, fulfilling
    requests, and to otherwise provide products and services
    including, without limitation, web hosting providers, IT systems
    administrators, mailing houses, couriers, payment processors,
    data entry service providers, electronic network administrators,
    debt collectors, and professional advisors such as accountants,
    solicitors, business advisors and consultants
  • Suppliers and other third parties with whom NCOSS has
    commercial relationships, for business, marketing, and related
    purposes
  • government agencies from whom NCOSS receives funding, in
    accordance with the terms of a funding agreement. For example,
    for the purposes of auditing NCOSS’ compliance with a funding
    agreement
  • any organisation for any authorised purpose with the consent of
    the individual to whom the personal information relates.
    Any disclosure will be in accordance with NCOSS’ privacy obligations.
  1. Direct marketing
    NCOSS may distribute direct marketing communications and information
    about NCOSS products and services. These communications may be sent
    in various forms including mail, SMS, and email in accordance with
    marketing laws such as the Spam Act 2003 (Cth). If there is a preference
    for a method of communication, NCOSS will endeavour to use that method
    whenever practical to do so. Recipients may opt out of receiving marketing
    communications from NCOSS by contacting info@ncoss.org.au or by
    using opt-out facilities provided in the marketing communications.
  2. Remaining anonymous
    If individuals cannot or do not wish to provide the personal information
    described above, it may be difficult for NCOSS to provide the requested
    products or services (either to the same standard or at all). Further, NCOSS
    may not be able to provide individuals with requested information about
    products and services.
  3. Retention and security
    NCOSS takes the security of personal information seriously. NCOSS has
    reasonable security safeguards to protect personal information from loss,
    unauthorised access, disclosure, or any misuse.
    Personal information is stored securely and NCOSS destroys or permanently
    de-identifies personal information that is no longer needed in accordance
    with its legal obligations.
    Where it is necessary for personal information to be transferred to a person or
    organisation in connection with the provision of our services, NCOSS takes
    reasonable steps to prevent unauthorised use and disclosure of that
    information.
  4. Access and accuracy
    Upon request to the NCOSS Privacy Officer, and as required by law, NCOSS will
    advise individuals:
  • Whether NCOSS holds their personal information, and the nature
    of it
  • The main purpose for which NCOSS holds their information
  • Their entitlement to access their personal information.
    Individuals may ask NCOSS to update their personal information to ensure
    that it is accurate, relevant, up-to-date, complete, and not misleading.
  1. Internal review
    A person wishing to make a complaint about the handling of their personal
    information (including health information) or about a breach of their privacy
    may lodge their concern with designated NCOSS Privacy Officer
    NCOSS Privacy Officer will investigate their concern and:
  • Notify the Information and Privacy Commissioner NSW (IPC NSW) that they
    have received the application for internal review
  • Keep IPC NSW informed of the progress of the internal review
  • Consider any relevant material submitted by the applicant or by IPC NSW
  • Complete the review as soon as possible
  • Once the review is finished, notify the applicant and IPC NSW of the
    findings of the review (and the reasons for those findings), and the
    action proposed to be taken
  • Notify the applicant of any other rights they may have, including making a
    complaint directly to the IPC NSW or Office of the Australian Information
    Commissioner (OAIC) for breaches of the Privacy Act.

NCOSS Privacy Officer
The NCOSS Privacy Officer can be contacted by calling 9211 2599 or using the
following details:
info@ncoss.org.au
Attention: Director of Operations