INTRODUCTION
Returned & Services League Of Australia (Queensland) Ipswich Sub
Branch Incorporated ABN 93 910 373 709 (we, us and our or Ipswich RSL
Sub Branch) respects and upholds the privacy rights of individuals.
We are sensitive to privacy issues and take seriously the ongoing trust
placed in us. We have committed to compliance with the Privacy
Act 1988 (Cth) (Privacy Act), including the Australian Privacy
Principles (APPs), which detail how personal information may be
collected, used, disclosed, stored and destroyed, and how an individual
may gain access to or make complaints about the personal information
held about them.
This document is our Privacy Policy and describes how we handle your
personal information.
Personal information is information or an opinion about an identified
individual, or about an individual who is reasonably identifiable.
Sensitive information, a sub-set of personal information, is
information or an opinion about an individual’s racial or ethnic
origin, political opinions, political association membership, religious
beliefs or affiliations, philosophical beliefs, professional or trade
association membership, trade union membership, sexual orientation or
practices or criminal record, and includes health information and
genetic information.
COLLECTION OF YOUR PERSONAL INFORMATION
We only collect personal information that is necessary for what we do
such as:
providing membership services;
providing veteran research and rehabilitation services;
providing pension, advocacy and welfare services;
providing accommodation services; and
providing financial support services.
The types of personal information we may collect depends on the purpose
for which we need the information and may include the following:
your contact details, including your full name, street address, billing
address, postal address, email address; and telephone number;
your date of birth and age;
your occupation;
your service record;
information concerning your dealings with the Department of Veterans
Affairs;
your payment information, including details of your superannuation fund;
your RSL membership number;
your IP address, browser type, domain names, browsing preferences,
access times and the addresses of referring websites;
proof of identity information and documentation including driver's
license, passport or birth certificate information;
proof of income information and documentation;
next of kin and emergency contact information.
We may also collect sensitive information from you when we engage with
you as part of providing our veteran rehabilitation and welfare support
services including:
mental health support;
emergency financial assistance;
bereavement assistance;
help with compensation claims through the Department of Veterans’
Affairs;
referrals to peer support groups and other specialist services;
visits to the sick, injured and lonely in hospital and/or at their
homes;
short term crisis accommodation; and
subsidised longer-term housing solutions.
We may also collect sensitive information about you where there is a
legal requirement to do so, or where we are otherwise permitted by law.
The kinds of sensitive information that we may collect and hold from
you or about you include your physical and mental health information,
including your medical history and treating doctor.
HOW WE COLLECT AND HOLD PERSONAL INFORMATION
We will, where possible, collect your personal information directly
from you, unless it is unreasonable or impracticable for us to do so.
If we collect your personal information from another person and it is
unclear that you have consented to the disclosure of that information
to us or that information is otherwise not permitted to be disclosed to
us, we will, whenever reasonably possible, make you aware that we have
done this and the reasons for doing so. For example, we may collect
personal information from you through telephone calls, your emails,
website contact forms and other correspondence to us.
If you do not provide some or all of the personal information we
request, we may be unable to effectively provide our services to you.
WEBSITE USAGE INFORMATION AND COOKIES
Our website www.ipswichrslsb.com.au uses small data files called
cookies on your computer, which you can choose to accept or decline.
One of the primary purposes of a cookie is to save you time. A cookie
tells the web server that you have returned to a specific webpage. For
example, if you personalise the webpages on our website or register
with us through our website, the cookie helps the website to recall
your specific information on subsequent visits.
This simplifies the process of recording your personal information,
such as billing address, postal address and so on. When you return to
the same webpage, the information you previously provided can be
retrieved so you can easily use the website features that you
customised.
You have the ability to accept or decline cookies. Most web browsers
automatically accept cookies, but depending on your browser, you can
modify your browser settings to decline cookies if you prefer. If you
choose to decline cookies, you may not be able to fully experience the
interactive features of our website.
There is also information about the hardware and software on your
computer that is automatically collected by our website. This
information can include your IP address, browser type, domain names,
browsing preferences, access times and the addresses of referring
websites. This information is used by us to maintain the quality of our
website and to provide us with information regarding the use of our
website.
We encourage you to review the privacy statements of websites you
choose to click through to from our website so that you understand how
those websites collect, use and share your information. We have no
control over and are not responsible for the manner in which the hosts
of other websites use personal information they collect from you.
WHAT WE DO WITH YOUR PERSONAL INFORMATION
We use the personal information we hold about you to do the following
things:
provide membership services to you;
act as your representative in any matters that may arise from time to
time involving the Department of Veterans Affairs;
provide welfare services to you;
provide accommodation services to you;
liaise with other District Branches and Sub Branches with whom you are
involved;
administer contracts into which we may enter with you;
accept donations from you;
supply goods to you;
administer your involvement as a volunteer with us;
communicate with you concerning our activities;
respond to feedback from you;
develop and/or test our systems;
for our own internal administrative purposes.
With your consent, we do the following:
communicate promotional offers and special events to you;
conduct fundraising;
conduct marketing activities;
plan to improve services we offer to our members and the veteran family
in accordance with our charitable objects.
SITUATIONS WHERE WE MAY DISCLOSE YOUR PERSONAL INFORMATION
We will not disclose your personal information to any person except to
other District Branches, Sub Branches, related entities, contractors,
suppliers, distributors and agents used by us in the ordinary course of
our business. This may include for the purposes of the
administration of membership services, mailing services, distribution
services, IT services, data analysis, research, advertising or
consultancy services.
In doing so, we will take all steps as are reasonable to ensure that
these parties respect and uphold the provisions of this Privacy Policy
in relation to your personal information.
We may also need to disclose your personal information where we:
are under a legal duty to comply with any legal obligation or in order
to enforce or apply our terms and conditions; or
need to disclose it to protect our rights, property or safety of our
members, customers or others, including the exchange of information
with other companies, organisations and/or governmental bodies for the
purposes of fraud protection and credit risk reduction.
OVERSEAS DISCLOSURE
We do not ordinarily disclose your personal information overseas,
however, before any personal information is disclosed to a recipient in
a foreign country, the Privacy Act requires us to take such steps as
are reasonable in the circumstances to ensure that the recipient does
not breach the APPs in relation to the information. If you consent to
the disclosure of your personal information to overseas recipients, we
are not required to take such steps.
By submitting your personal information to us, you expressly consent to
the disclosure, transfer, storage or processing of your personal
information outside of Australia. In providing this consent, you
understand and acknowledge that countries outside Australia may not
have the same privacy protection obligations as Australia in relation
to personal information. If your personal information is mishandled in
any jurisdiction, we disclaim responsibility and you will not have a
remedy under Australian law.
DIRECT MARKETING
By submitting your personal information to us, you expressly consent to
us using your personal information to provide you with information
about our products, services or events which we consider may be of
interest to you or engage in any other direct marketing activity.
We may also use your personal information for the purpose of providing
you with other information, if it is within your reasonable
expectations that we would send you such information given the nature
of previous communications with you.
You may at any time opt out of receiving any communications from us
(other than as required for the operation of our activities) by using
the “unsubscribe” facility included in an email you receive from us or
by contacting us using the details set out at the bottom of this
document.
PSEUDONYMITY OR ANONYMITY
You have the option of not identifying yourself, or of using a
pseudonym, when dealing with us provided it is lawful and practical to
do so.
DATA SECURITY
We store personal information:
contained in paper based and other hard copy documents both at our
office and at off-site secure storage facilities; and
contained in electronic records, in a controlled and secure environment.
Your personal information is only accessible by those persons who
require access to the personal information for the purposes of carrying
out their work on our behalf.
When personal information (such as payment information) is transmitted
to other websites, it is protected through the use of encryption, such
as the Secure Socket Layer (SSL) protocol.
We will take all reasonable steps to protect the personal information
we hold from misuse and loss and from unauthorised access, modification
or disclosure.
If we suspect that a data breach has occurred, we will follow the
requirements of the Data Breach Notification scheme under the Privacy
Act. The requirements include notifying affected individuals and the
Office of the Australian Information Commissioner in some circumstances.
DESTRUCTION AND DE-IDENTIFICATION
We will retain your personal information whilst it is required for any
of our business functions, or for any other lawful purpose. We
will destroy or de-identify personal information in accordance with our
data security and data destruction policies or when our legal
obligations to retain the information have expired and the information
is no longer needed by us.
ACCESS TO YOUR PERSONAL INFORMATION
You may request access to the personal information we hold about you by
writing to our Privacy Officer at the address below.
You do not have to provide a reason for requesting access. Except in
circumstances established under the APPs, if we hold personal
information that you are entitled to access, we will endeavour to
provide you with a suitable range of choices as to how you may access
that information (e.g. post or collection). We may ask you to complete
an Access Request form to help us identify and locate the information
being requested.
If you believe that the personal information we hold about you is
incorrect, incomplete or inaccurate, you can ask us to amend it. We
will consider your request and:
if we agree that the information we hold is inaccurate, we will amend
it; or
if we do not agree, then we will add a note to the personal information
stating that you disagree with its accuracy.
YOUR CONSENT
By using our website you are agreeing to our collection, disclosure,
use and storage of your personal information in accordance with this
policy.
COMPLAINTS AND CONCERNS
If you have a problem, complaint or wish to enquire about our Privacy
Policy, please contact our Privacy Officer.
We will respond to your complaint in accordance with the relevant
provisions of the APPs as soon as practicable. We treat
complaints relating to privacy very seriously. If you submit a concern
or complaint, we will endeavour to deal with it comprehensively and
reach an outcome where all parties are satisfied.
If you are not satisfied with our response to your complaint, or if you
would like further information about privacy in Australia, then we
suggest you contact the Office of the Australian Information
Commissioner at oaic.gov.au.
YOUR PAYMENT INFORMATION
Ipswich RSL Sub Branch's systems and providers are compliant with the
Payment Card Industry Data Security Standard (PCI DSS), and undergo
rigorous audits and testing to ensure that confidentiality and the
integrity of our systems and information are upheld.
Ipswich RSL Sub Branch regularly performs security, vulnerability and
malware scanning to ensure our site remains free of vulnerabilities or
malicious software.
Your personal information is contained behind secured networks and is
only accessible by a limited number of persons who have special access
rights to such systems and are required to keep the information
confidential. In addition, all sensitive/credit information supplied is
encrypted via Secure Socket Layer (SSL) and Transport Layer Security
(TLS) technology.
We implement a variety of security measures and encryption methods,
when a user places an order or enters, submits, or accesses their
information, to maintain the safety of your personal information.
All transactions are processed through a secure gateway provider and
your credit card information is not stored on our systems. Financial
information, such as bank account details that are provided in
association with a Direct Debit arrangement are stored in a secure
and/or encrypted format in connection with a transaction.
If you utilise PayPal for your purchase, your PayPal account details
will be collected and stored by PayPal for future transactions in
connection with their Privacy Policy which can be found here.
GDPR - PROCESSING EU PERSONAL DATA
This section entitled “GDPR – Processing EU Personal Data” only applies
if you access our products or services in the EU and your personal data
(as defined in this section) is processed and/or monitored as a result.
General - When we process your personal information, we will comply
with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”),
any local implementing laws and any successor legislation to the GDPR
and the local implementing laws. We are the data controller (as defined
in GDPR) of the data you pass to us pursuant to this policy.
Where we refer to “personal information” throughout this policy, it has
the meaning set out in the Privacy Act (as explained at the beginning
of this policy) and also the meaning given to “personal data” in the
GDPR. “Processing” has the meaning set out in GDPR and, in practice,
means doing anything with your personal information, including storing
it.
Retention
If we receive a “return to sender”, bounce-back email or similar
message when we contact you, we will delete the relevant personal
information from our system. We will also delete or update your
personal information if you ask us to do so in accordance with the
requirements of GDPR.
Grounds for processing - we collect most of your personal information
on the grounds of our legitimate interests or fulfillment of a
contract. If we deem it appropriate, we may also rely on legitimate
interests to send you marketing communications. If we are unable to
rely on legitimate interests or another ground to process your personal
information, we will seek consent from you in accordance with the
requirements of GDPR.
If we have obtained consent from you to process your data, you have the
right to withdraw your consent at any time. To withdraw your consent,
please contact us using the contact information set out below. Please
bear in mind that if you withdraw your consent it may affect our
ability to carry out tasks for your benefit. Withdrawal of your consent
will not affect any processing we have carried out in respect of your
personal information prior to you withdrawing consent.
In the section entitled “What we do with your personal information”, we
have explained that we may need to disclose your personal information
to certain third parties. If any of those third parties are located
outside of the European Economic Area (EEA) we will ensure that there
are appropriate safeguards in place when the data is transferred in
accordance with the requirements of GDPR.
Your rights – there are a number of rights available to you under GDPR.
These include:
the right to access your personal information and ask us to provide
certain information about the processing we carry out in respect of
your personal information;
the right to ask us to rectify any personal information we process that
you believe is incorrect or incomplete;
the right to ask us to erase your personal information; the right to
ask us to restrict the processing we carry out in respect of your
personal information, or to object to the processing we carry out; and
the right to have your data provided to another data controller in a
structured, commonly used and machine-readable format (data
portability).
Please note that there are some exceptions and caveats to the rights
listed above.
Complaints – in addition to your rights set out above in the section
entitled “Complaints and Concerns”, you are entitled to complain to the
relevant supervisory authority in your jurisdiction. A list of the
supervisory authorities throughout the European Union is available here.
CHANGES TO THIS PRIVACY STATEMENT
It may be necessary for us to review and revise our Privacy Policy from
time to time. An amended version will be posted on our website at
www.ipswichrslsb.com.au.
OUR CONTACT DETAILS
If you have any questions about this policy or if you have any
complaint regarding the treatment of your privacy by us, please contact
us in writing using the following details:
Privacy Officer
Ipswich RSL Sub Branch
63 Nicholas Street,
Ipswich QLD 4306
Ph: (07) 3281 4159
irslsb@bigpond.net.au
Last updated: 12 August 2022