RedR Australia Limited (ABN 89 068 902 821) (RedR, we, us or our) is an international humanitarian response agency that recruits, selects, trains, prepares, deploys and supports people to help communities plan, prepare, rebuild and recover before, during and after crises and conflict.
2. Our obligations
We comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, security, accessibility and disposal.
The Privacy Act also includes a data breach notification regime, which requires RedR to assess and manage any data breaches involving personal information held by RedR.
3. What is Personal Information?
Personal Information includes sensitive information such as health information.
4. May I choose not to provide Personal Information to RedR?
Yes, you may choose not to provide Personal Information that we request. However, if you make that choice, we may not be able to provide you with our assistance, services or opportunities. For example, you cannot be a volunteer, board member, employee or deployee of RedR unless you provide us with your Personal Information.
5. Kinds of Personal Information that we collect
The kinds of Personal Information that we may collect or hold about you generally includes:
- contact information (your name, address, contact details, including postal and/or email addresses);
- personal details such as date of birth, gender, occupation, employment history and skills experience;
- payment details, credit card and/or bank account numbers, records of correspondence and billing and statements associated with training course fees, payments when on deployment, and managing donations;
- information about how you use the services that we provide;
- records of our interactions with you;
- usernames and passwords that you create when registering an account with us;
- if you are one of our suppliers, we may collect other business and Personal Information about you that we feel is necessary, such as the nature of the products or services that you supply, quotes that you provide and your direct credit details; and
- in certain circumstances such as where you are or may be deployed by us, we may hold sensitive information about you, such as information about your race, ethnic origins, medical history and status, dietary requirements, previous illnesses or injuries or current or expected state of health.
6. How we collect your Personal Information
When we collect your Personal Information, we will provide you with information about why we are collecting it.
We collect Personal Information from people and organisations including:
- our employees;
- job applicants;
- volunteers / deployees;
- other people that we provide services to;
- donors (or through third parties who manage donations made by you);
- our suppliers; and
- the general public.
We collect Personal Information from you when you engage with us including:
- face-to-face, in writing, over the phone, by email or over the internet;
- through application forms, curricula vitae, reference checks, interviews, telephone conversations, feedback or information provided by you;
- when you become a volunteer or deployee (or register your interest to do so); and
- when you donate to us or provide us with products or services.
In the event of a complaint, we may also receive Personal Information about you from other parties or from other users of this website or third parties who may communicate information to us in relation to that complaint.
We also collect Personal Information from sources that are publicly available such as websites, journals and phone books.
Sensitive information is a subset of Personal Information that is generally afforded a higher level of privacy protection, such as health information. We only collect sensitive information where it is reasonably necessary for our functions or activities and either:
- with your consent; or
- where we are required or authorised to do so by or under law (including the APPs).
7. Collection of information other than Personal Information through our website
When you visit our website, some of the information that is collected about your visit is not Personal Information, as it does not reveal your identity.
Site visit information
For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.
We use and disclose this information in anonymous, aggregated form only, for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users, although they do identify the user's internet browser.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.
8. How we use your Personal Information
Some of the common purposes for which we use Personal Information include to:
- provide humanitarian assistance and other RedR programs;
- manage our relationship with you;
- provide training and other services;
- enable us to provide our services and carry out our functions and activities;
- administer our international programs including to deployee people overseas;
- comply with our legal and contractual obligations;
- comply with your requests or instructions;
- manage complaints or issues;
- maintain the integrity of the Standby Register of personnel;
- assess occupational health and safety on training;
- manage donations you make to us;
- undertake internal purposes such as procedural assessments, risk management, service reviews, staff training, accounting and billing; and
- identify, and inform you of, services that may be of interest to you.
If you are one of our suppliers, we may use your Personal Information to facilitate our business relationship with you. This could include, for example, to assess goods or services that you supply or to review a commercial proposal that you have put to us.
We may also use your Personal Information to send you communications and newsletters about services that we believe may be of interest to you or seeking your help through donations. We understand that you may not wish to receive such material and you may opt-out by giving written notice to RedR’s Communications Officer as follows:
RedR Communications Officer
55 - 61 Barry St, Carlton VIC 3053
Email: [email protected]
Telephone: +61 3 8341 2666
On receiving an opt-out request, RedR will ensure that your name is removed from its promotional mailing list and that you receive acknowledgement in writing.
9. How we disclose your Personal Information
Generally, we will only disclose your Personal Information for a purpose that is related to the service that we are providing to you or the reason that we collected the information.
For example, we may disclose your Personal Information to:
- our employees, contractors or volunteers on a ‘need-to-know’ basis;
- organisations that provide RedR with professional advice, such as medical practitioners, related health service providers, solicitors, insurers, accountants and business advisors;
- financial institutions for payment processing;
- an individual’s agent or authorised representative;
- referees whose details are provided to us by job applicants;
- third parties who support our information technology or handle mailings on our behalf;
- law enforcement agencies, other governmental agencies or third parties if we are required by law to do so, or in other limited circumstances (for example if required by a court order or regulatory authority, or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect our website, our products or our technology assets or the rights, property or personal safety of any person);
- other government agencies that we receive funding from;
- local authorities engaged in or relevant to our humanitarian work;
- other persons authorised by or responsible for you (such as your employer if you participate in one of our training courses in the course of your employment or a health advisor if you authorise us to).
We may also disclose your Personal Information in the following circumstances:
- when you join the Standby Register of personnel, and indicate your interest in nominating for a field vacancy, we may disclose relevant Personal Information with the organisation responsible for that vacancy, usually a United Nations aid agency; and
- when you are mobilised for a field assignment, certain information about you, your role, your destination is shared with the Australian Government (’Smart Traveller’ and authorised Australia Assists program staff). This disclosure relates to your safety and security when undertaking an assignment.
Where disclosures are made to our contractors, we take contractual or other reasonable measures to ensure that the contractors protect your Personal Information in compliance with the APPs and any other relevant provision set out in the Privacy Act. If the Personal Information that RedR is disclosing is of a highly sensitive nature, RedR may require its contractors to complete their work in-house and will not permit them to disclose that Personal Information to subcontractors. In each case, we may disclose Personal Information to the service provider and the service provider may in turn provide us with Personal Information collected from you in the course of providing the relevant services.
We may also disclose information to provide our products and services, to respond to legal requirements, enforce our policies, and protect our rights and property.
Cross border disclosure of your Personal Information
In some cases, the persons to whom we disclose your Personal Information may be located overseas such as staff, government agencies or local authorities engaged in or relevant to our work. In this case, we will only make the disclosure to the extent reasonably necessary and will take reasonable steps to ensure that the third party handles your Personal Information in accordance with Australian privacy laws.
10. How we hold and secure your Personal Information
RedR is committed to keeping your Personal Information secure and confidential. We will take reasonable steps to protect Personal Information from loss, misuse, interference unauthorised access, modification or disclosure.
We generally store your Personal Information in electronic databases. Some of these databases may be held on our behalf by third party contractors. We may also keep paper documents which are held in locked drawers and cabinets and which may also be archived in boxes and stored offsite in secure facilities.
We use physical and technical security processes to protect the confidentiality and security of the Personal Information that we hold, including to protect the Personal Information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure.
RedR retains application forms, CVs and relevant certifications of Standby Register applicants for a minimum of 5 years in soft copy. The Personal Information of applicants is stored securely, with only personnel of the relevant team having access. The Personal Information of archived Standby Register Personnel, both soft and hard copy, will be maintained for 5 years and stored in a secure archive location.
We will destroy or de-identify Personal Information that is no longer needed.
The steps we take to secure the Personal Information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to Personal Information on our systems to staff who need that access to carry out their duties), staff training and workplace policies.
Online credit card payment security
We process payments using EFTPOS and online technologies. All transactions processed by us meet industry security standards to ensure payment details are protected.
While we strive to protect the Personal Information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, please contact our Privacy Officer (contact details below).
You acknowledge that the security of online transactions you conduct using the website cannot be guaranteed. To the fullest extent permitted at law, RedR does not accept responsibility for misuse of or loss of, or unauthorised access to, your Personal Information where the security of that information is not within RedR’s control.
If you are a registered user of our website, you can also help to protect the privacy of your Personal Information by maintaining the confidentiality of your username and password and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
An IP (internet protocol) address is a number that is automatically assigned to your computer by your internet service provider when you log on. Your IP address is not linked to your Personal Information but we do preserve the right to use IP addresses to identify individuals who may threaten our site, services or clients. IP addresses may also be used to help diagnose problems with our website and to gather broad demographic information.
Third party websites
If there is any breach of your Personal Information, RedR will deal with such breach and notify you in accordance with its obligations under the Privacy Act.
11. Accessing and correcting your Personal Information held by us
Please contact our Privacy Officer (contact details below) if you would like to access or correct the Personal Information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the Personal Information we hold is properly protected.
We will generally provide you with access to your Personal Information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg, by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct Personal Information that we hold about you, or if we are satisfied that the Personal Information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If we correct Personal Information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, we will take reasonable steps to do so, unless this would be impracticable or unlawful.
Timeframe for access and correction requests
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
What if we do not agree to your request for access or correction?
If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out:
- the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so); and
- available complaint mechanisms.
In addition, if we refuse to correct Personal Information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this in such a way that will make the statement apparent to users of the information.
12. Your right to lodge a complaint
If you have a complaint about how we have collected or handled your Personal Information, please contact our Privacy Officer (contact details below).
We will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week. If your complaint cannot be resolved at the first instance, we will ask you to submit your complaint in writing.
If you submit your complaint in writing, We will inform you of the RedR representative that will be handling your complaint and you may contact us to enquire about the progress of your complaint at any time.
In most cases, written complaints will be investigated and a response provided within 30 days of receipt. If the matter is more complex and our investigation may take longer, we will write and let you know, and tell you when we expect to provide our response.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au or by calling the OAIC's enquiry line at 1300 363 992.
13. RedR Privacy Officer contact details
Please contact us if you have any queries about the Personal Information that we hold about you or the way we handle that Personal Information. Our Privacy Officer contact details are set out below:
RedR Privacy Officer
55 - 61 Barry St, Carlton VIC 3053
Email: [email protected]
Telephone: (03) 8341 2666
15. Document control
11th Sept 2020
12th Sept 2022