Safe EnvironmentContact
  • Safe Environment
  • Contact

Privacy Policy

1. Introduction

YMCA NSW delivers a range of programs and services including camps, before and after school care, community recreation and sporting facilities, swimming pools and youth services.

We are committed to the responsible collection, use, storage and disclosure of personal information, as required by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in that Act.  We respect the privacy of our clients, participants, parents and other visitors to our facilities.

This privacy policy explains how we collect and handle personal information, including sensitive information, of our clients.  It demonstrates our commitment to managing personal information in an open and transparent manner.

‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.  This policy does not apply to our handling of information which is not personal information as defined in the Privacy Act.

‘Sensitive information’ means personal information about you that is of a sensitive nature, including information about health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record. Special requirements apply to the collection and handling of sensitive information.

This privacy policy applies to YMCA NSW and entities controlled by YMCA NSW, including the YMCA of Sydney Youth and Community Services and the Young Men's Christian Association of Sydney.

2. Collection of Personal Information

We collect personal information of our clients, including participants in our programs, parents and visitors to our facilities.  When we receive personal information about you, we will handle it in accordance with the Privacy Act and the APPs.  We only collect personal information if it is reasonably necessary for one or more of our functions or activities.

We will give you the option of remaining anonymous or using a pseudonym in your dealings with us, provided that it is lawful or practical to do so.

2.1 Kinds of personal information collected and held

2.1.1 Personal information of our clients

We collect the minimum personal information that is necessary to provide you with a service that you have requested, or to ensure that we comply with legislative requirements.  If you do not wish to provide us with your personal information, we may not be able to provide you with a service that you have requested.

The personal information that we may collect and hold about our clients includes:

  • name, gender, contact details and addresses;
  • date and place of birth;
  • bank account and credit card details;
  • emergency contact details;
  • occupation;
  • driver's licence number;
  • Centrelink reference number;
  • information about any Custody Order;
  • details of YMCA services used; and
  • research data (such as surveys and testimonials).

2.1.2 Collection of sensitive information

In performing our functions and activities we may collect sensitive information about our clients, including:

  • ethnic and cultural background;
  • religion; and
  • information about health (including medical practitioner details and Medicare or health fund details).

The APPs require that we only collect sensitive information from you where:

  • you provide your consent; and
  • the information is reasonably necessary for one or more of our functions or activities.

We also collect sensitive information when we are authorised to do so for the purposes of preventing or lessening a serious threat to life, health or safety; human resource management; taking appropriate action against suspected unlawful activity or serious misconduct; and responding to inquiries by courts, tribunals and other bodies.

2.1.3 Collecting personal information about children and young people

We collect personal information about children and young people under the age of 18 in order to deliver programs and services for children and youth.  We collect personal information about children and young people only with the written consent of a parent or guardian or another authorised person.

2.2 How we collect and hold personal information

We collect personal information by fair and lawful means.  We use forms, online portals, and other electronic and paper correspondence to collect personal information. 

We may also collect your personal information if you:

  • communicate with us by telephone, mail, email or fax;
  • attend one of our facilities in person; or
  • interact with us on our social media.

As far as practical, we collect personal information directly from you.  We collect personal information from third parties only where it is unreasonable or impracticable to collect the information directly from you.  In those circumstances, we may collect personal information from third parties including councils, health services, government agencies, authorised representatives and legal advisers.  We may also collect personal information from publicly available sources of information.

We hold personal information in a range of paper-based and electronic records, including in cloud computing.  Personal information is stored securely, and we conduct regular audits and reviews of our record keeping systems.  We store personal information in Australia, except as specified at section 5.1 below.

We take all reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.  Only authorised staff have access to personal information for approved purposes.  

If we hold personal information about you which we no longer need in order to fulfil the purpose for which it was collected, and we are not legally required to retain that information, we will take reasonable steps to destroy the information or to ensure that the information is de-identified.

2.3 Quality of personal information

We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete, up-to-date and relevant.  However, the accuracy of that information depends to a large extent on the information you provide to us.

We recommend that you:

  • inform us if there are any errors in your personal information; and
  • keep us up-to-date with changes to your personal information such as contact details, billing information or medical information.

We require clients in some of our programs to update their details on a regular basis, or whenever they experience a change in circumstances.  We will advise you if these requirements apply to you.

2.4 Consent

By signing or submitting paper documents or agreeing to the terms and conditions for the use of our electronic documents you are consenting to the collection of any personal information you provide to us.  By acquiring or using our services, products or facilities, you consent to the reasonable collection, use and disclosure of personal information.

3. Purposes for which we collect, hold, use and disclose personal information

To the extent practicable, we will take reasonable steps to notify you of the purpose for which we are collecting personal information at the time when we collect it. 

We collect personal information for the following purposes:

  • administering and managing the services we deliver;
  • ensuring the range and quality of services we deliver;
  • establishing eligibility for our services, and prioritising individuals for those services;
  • assessing your needs and developing personalised plans (such as Individual Care Plans, Positive Behaviour Support Plans, and Fitness, Aquatic and Recreation plans);
  • researching and developing YMCA services; and
  • providing information to funding bodies and government agencies (in accordance with the law).

3.1 Marketing and promotion of our services

Personal information that you provide to us may be placed on our internal database to enable us to advise you of the various products, services and events which we provide. 
If you do not wish to be contacted regarding our other services, you can opt out of receiving those types of communications by instructing us using the contact details at section 8 of this privacy policy. 

4. Our website

If you visit our website and read or download materials, we will receive the following types of information, which will not be used to identify you personally.

4.1 Computer information

To enable communication between your computer and the server hosting our website, it is necessary for your web browser to provide your computer's network address.  This allows our web server to address its replies to the correct machine.  The browser type and operating systems which you use may also be recorded.  We will not use this type of information to personally identify you.

4.2 Navigation and click-stream data

When you browse our website you generate a 'foot-print' or trail of the pages you have visited, the amount of data transferred and the time and duration of access.  This information is recorded against the network address supplied by your web browser.  We will not use this type of information to personally identify you.

4.3 Cookies

A cookie is a very small text file placed on to your computer when you visit a website.  Cookies are used to enhance the online experience.  The cookie is not used to collect or store information about you, only to allocate a temporary identifier to the search session.  Without the session identifier, you might lose the entire search context each time a new page is visited during a session.  Most web browsers recognise when a cookie has been offered or placed on your computer.  Most web browser software enables you to decide whether you wish to reject or accept the cookie.  Check with your software supplier if you are not sure.  If cookies are disabled, you may find that our website provides reduced functionality and speed.  We do not use cookies to identify you personally, to connect your personal identity with your computer address or to track the navigational or browsing habits of identified visitors

4.4 Information logs

The information we collect about the use of our website is recorded in logs for use in the management of our website.  We use statistics drawn from these logs to help us to improve our website and to make it more interesting and relevant to browsers.  The statistics also help us to determine market preferences for the services we offer.  We may use statistics about the use of our website to promote our goods and services or to research market preferences and trends.  No statistical information collected about the use of our website will be linked to your name, address or other identifier.

5. Disclosure of personal information

We hold, use and disclose personal information for the primary purpose for which it was collected (see section 3 above). 

We may disclose personal information to the following kinds of third party organisations and individuals:

  • our professional advisers, including auditors and lawyers;
  • a person to whom we are legally required to disclose the information (for example, to a person who has subpoenaed records from us under a Court process);
  • emergency services personnel (in the event of an emergency);
  • organisations who assist us to perform analysis for improving the services being delivered to the community;
  • Government, regulatory and other organisations, as required or authorised by law (for example, the NSW Department of Family and Community Services, NSW Police Force and NSW Ombudsman; and
  • contract managers and funding sources for reporting purposes.

We do not disclose personal information about anyone under the age of 18 unless we have the prior written consent of a parent or guardian, or we are legally permitted or required to do so.

We will only use or disclose your personal information for secondary purposes where we are permitted to do so in accordance with the Privacy Act. This may include where:

  • you have consented to this secondary purpose;
  • the secondary purpose is related (or if the information is sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose;
  • it is required or authorised by law; or
  • a permitted general situation exists such as to prevent or lessen a serious threat to life, health or safety.

5.1 Overseas disclosures of personal information

We may store your personal information in facilities supplied by our contractors1 that may be located outside of Australia, including our data hosting and cloud-based IT service providers in Germany and the United States of America, for some of the purposes listed at section 3 above.  Those contractors do not disclose, share or on-sell your personal information and we take reasonable steps to ensure that our overseas contractors do not breach privacy obligations relating to your personal information.

6. Accessing and correcting your personal information

You have a right under the Privacy Act to access personal information we hold about you.  You may also request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

To access or seek correction of personal information we hold about you, please contact us using the contact details set out at section 8 of this privacy policy.

If you request access to or correction of your personal information, we will respond to you within a reasonable period of time (usually 30 days).

The APPs do set out circumstances in which we may refuse to give you access or decline to correct your personal information.  If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which sets out our reasons for refusing your request.

7. Complaints

If you think we may have breached your privacy you may contact us to make a complaint.  Contact details are set out at section 8 of this privacy policy.  Complaints should be made to us in writing.

We are committed to prompt and fair resolution of complaints and we will ensure that your complaint is taken seriously and investigated.  We will keep you informed throughout the investigation of your complaint and will provide you with a written response.  We will usually provide you with a response within 30 days of receipt of your written complaint.

If you are not satisfied with the way we have handled your complaint, you may contact the Office of the Australian Information Commissioner to refer your complaint for further investigation. The Information Commissioner may not investigate if you have not first brought your complaint to our attention.

Office of the Australian Information Commissioner:

Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: GPO Box 5218, Sydney NSW 2001

8. Contact us

If you would like to:

  • ask a question about this privacy policy;
  • request a copy of this privacy policy in another format (such as a paper copy);
  • opt out of receiving marketing and promotional emails from us;
  • request access to your personal information;
  • seek correction of your personal information; or
  • make a privacy complaint

Please contact our Privacy Officer using the details below:

Telephone: 02 9687 6233
Email: privacy@ymcansw.org.au
Post: Privacy Officer, YMCA NSW, P.O Box 1433, Parramatta NSW 2124

9. Review of this policy

This privacy policy was last updated on 12 September 2016.  This policy is regularly reviewed by YMCA NSW and updated as required.


1. Two of our contractors providing IT services are Jotforms and MyEmma and their websites and privacy policies are at https://www.jotform.com/help/9-Privacy-Policy and http://myemma.com/privacy-policy if you require any further information about those entities.