Privacy Policy
- Introduction
Endometriosis Western Australia Inc. (“we”, “us” and ‘our”) is a volunteer driven not-for-profit organisation that supports Western Australians affected by endometriosis.
Our vision is to provide people affected by endometriosis with access to the best quality information and support.
- Purpose of this Privacy Policy
We are committed to protecting the privacy of individuals and we recognise that personal information is a valuable asset. We are required to comply with the Australian Privacy Principles (APPs) set out at Schedule 1 of the Privacy Act 1988 (Cth) (Privacy Act).
This policy explains how we collect, use, disclose and store your personal information. It also explains how you may request access to, or correction of, the personal information we hold about you.
- What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
- What personal information do we collect?
We collect a range of personal information depending on how you engage with us. For example:
- if you are a volunteer, we will collect your name, date of birth and contact details;
- if you are a member or sponsor, we will collect your name, date of birth, contact details, occupation and whether or not you have endometriosis (if you have endometriosis, you may be eligible for additional services or benefits from us);
- if you are a member of our Facebook page, or otherwise engage with us through our social media channels, we will collect your name and any information, including health information, that you choose to provide to us; and
- if you make a donation to us, we will collect your name, contact details, and payment details.
Some of this personal information may be ‘sensitive information’ for the purposes of the Privacy Act. Sensitive information is afforded greater protections under the Privacy Act.
Sensitive information includes health information. This means that if you tell us that you have endometriosis, this constitutes us collecting your health information.
Sensitive information also includes a range of other information, including information about your racial or ethnic origin, genetics, political opinions, sexual preferences or practices, criminal record and particular biometric information.
We only collect your sensitive information if:
- it is reasonably necessary for our functions and activities, and you consent to the collection of your sensitive information; or
- the collection of your sensitive information is required or authorised by law.
Collection of other information via our website
When you access our website, we may collect information about your visit and use cookies to collect information about which pages you view, how you reach them, what you do when you visit a page, and the time spent on the page.
Cookies are small data files placed on your computer that provide us information about the performance of our website in providing content to you. We may also gather IP addresses as part of our business activities and to assist with any operational difficulties or support issues with our website. IP addresses and cookie information do not identify you personally, only the device that you are using. We also use this type of information collected from our website to help us identify how our website is being used, and to make improvements.
- What if we don’t collect personal information?
If we do not collect your personal information, this may significantly limit the services that we are able to provide to you.
However, there may be instances in which you can engage with us anonymously, or where you can use a pseudonym. For example, you can view our website, send emails and make phone call enquiries without identifying yourself.
- How do we collect personal information?
We collect your personal information in a number of ways. For example, we may collect your personal information if you contact us via:
- our website;
- email;
- telephone; or
- our Facebook page.
We may also collect your personal information if you attend an in person event.
While we generally collect personal information directly from you, we may collect your personal information from a third party if this is permitted by the Privacy Act.
- Why do we collect personal information?
We collect, use and disclose personal information to:
- provide people affected by endometriosis, including their family and carers, with access to information, care and support in respect of endometriosis;
- receive and manage donations;
- manage our administrative functions, including the recruitment and management of volunteers, members and sponsors;
- manage and maintain our contact and distribution lists;
- inform our grant applications; and
- share a member’s personal endometriosis experience (for example, with the media), but only where the member has expressly consented to this use and disclosure of their personal information.
We may also collect your personal information for other purposes, if:
- we notify you of these purposes when we collect the information;
- you consent to the collection of the personal information; or
- we are required or authorised by law to collect the personal information.
We may use your personal information to send you information about our services and initiatives, if you have given your express or implied consent to receiving such information, or if we are otherwise authorised by law to use your information.
However, you can withdraw your consent to your personal information being used to send you information about our services and initiatives by opting out of email subscriptions (using the opt-out link at the bottom of the email) or by contacting our Privacy Officer (see section 12 below).
- Disclosure of personal information
We may disclose your personal information to third parties for the purposes set out in section 7 above. For example, we may disclose your personal information to:
- entities responsible for providing support services, if you have asked us to refer you to an appropriate support service;
- financial institutions, to enable us to process donations; and
- our contracted service providers.
We may also disclose your personal information to another third party if this disclosure is required or authorised by law.
- Cross-border disclosure of personal information
We do not generally disclose personal information to any recipients outside of Australia. However, in the event that we are required to disclose personal information to a recipient outside of Australia, we ensure that this disclosure complies with the Privacy Act.
- Storage of personal information
We store your personal information in secure databases within our ICT systems.
We take reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. For example, access to our databases is strictly controlled,
We also destroy or de-identify personal information when we no longer require that information to fulfil our functions and activities.
- Access to, and correction of, personal information
You may request access to the personal information that we hold about you. You may request access in a particular form (e.g. hard copy or electronic).
You may also request that we correct the personal information that we hold about you, if that information is inaccurate, out of date, incomplete, irrelevant or misleading. We are required to take reasonable steps to correct such information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
We may ask you to verify your identity before we process an access or correction request, to ensure that your personal information is appropriately protected. We may also ask you to pay a fee if you make a complex access request. This fee is to cover our reasonable costs for locating the relevant information and providing it to you.
There may be instances in which we are not required by the Privacy Act to give you access to your personal information, or to correct the personal information that we hold about you. If we cannot process your access or correction request, we will notify you in writing and give you further information about other options that may be open to you.
We aim to process access and correction requests within 30 days of receipt.
- Complaints
If you have any questions or would like to make a complaint about how we have handled your personal information, please contact our Privacy Officer.
By post:
Privacy Officer
PO Box 711
Cloverdale WA 6985
By email:
info@endometriosiswa.org.au
We aim to acknowledge receipt of queries and complaints within 14 days of their receipt. We then respond to queries, and investigate and respond to complaints, in a timely manner. We aim to respond to queries and complaints within 30 days of receipt, but it may take longer if the matter is complex.
If you are not satisfied with our response to your query or complaint, you may make a complaint to the Office of the Australian Information Commissioner. Please refer to https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us for further information.
- Changes to this Privacy Policy
We may amend this policy from time to time. We ensure that the current version of the policy is available on our website. However, you may also obtain a copy of this policy by contacting our Privacy Officer (see section 12 above).
Last updated in November 2023.