Answer a few quick questions to find out what sea creature your child would be.
YMCA NSW is committed to the responsible collection, handling, storage, disclosure and destruction of personal information, as specified in the Privacy Act 1988 (Privacy Act). We (YMCA NSW) respect the privacy of our clients, staff, partners and the wider community. YMCA NSW commits that:
This policy clearly outlines the requirements for YMCA NSW to fulfil our commitment to privacy and confidentiality. YMCA NSW will ensure full compliance to the Australian Privacy Principles (APP), as detailed in section 14 of the Privacy Act.
This policy applies to YMCA NSW (Young Men's Christian Association of Sydney) and its controlled entities including YMCA of Sydney Youth and Community Services (YCS).
This policy may be accessed by any person who has dealings with the YMCA NSW, including clients, staff, partners and the wider community.
1. Collection of Information
We collect personal information of our staff and clients, including participants in our programs, parents and visitors to our facilities. When we receive personal information about you, we will handle it in accordance with the Privacy Act and the APPs. We only collect personal information if it is reasonably necessary for one or more of our functions or activities.
We will give you the option of remaining anonymous or using a pseudonym in your dealings with us, provided that it is lawful or practical to do so.
1.1. Collection of personal information
We collect the minimum personal information that is necessary to provide you with a service that you have requested, or to ensure that we comply with legislative requirements. If you do not wish to provide us with your personal information, we may not be able to provide you with a service that you have requested.
The personal information that we may collect and hold includes:
1.2. Collection of sensitive information
In performing our functions and activities we may collect sensitive information about our staff and clients, including:
The APPs require that we only collect sensitive information from you where:
We also collect sensitive information when we are authorised to do so for the purposes of preventing or lessening a serious threat to life, health or safety, human resource management, taking appropriate action against suspected unlawful activity or serious misconduct, and responding to inquiries by courts, tribunals and other bodies.
1.3. Collection of personal information about children and young people
We collect personal information about children and young people under the age of 18 in order to deliver programs and services. We collect personal information about children and young people only with the written consent of a parent or guardian or another authorised person.
1.4. How we collect and hold personal information
We collect personal information by fair and lawful means. We use forms, online portals, and other electronic and paper correspondence to collect personal information. We may also collect your personal information if you:
As far as practical we collect personal information directly from you. We collect personal information from third parties only where it is unreasonable or impracticable to collect the information directly from you. Personal information may be collected from third parties including councils, health services, government agencies, authorised representatives, partners and legal advisers. We may also collect personal information from publicly available sources of information.
We hold personal information in a range of paper-based and electronic records, including in cloud computing. Personal information is stored securely, and we conduct regular audits and reviews of our record keeping systems. We store personal information in Australia, except as specified in section 5.1 of this policy.
We take all reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Only authorised staff have access to personal information for approved purposes.
If we hold personal information about you which we no longer need, in order to fulfil the purpose for which it was collected, and we are not legally required to retain that information, we will take reasonable steps to destroy the information or to ensure that the information is de-identified.
1.5. Data Breaches
A data breach occurs when personal information, in any format, held by an agency or organisation is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference. The primary cause of a data breach is not limited to malicious or criminal attack, such as theft or hacking, but may arise from internal errors or failure to follow information handling policies that cause accidental loss or disclosure.
The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Australia Privacy Act 1988 establishes requirements for entities in responding to data breaches. The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the Privacy Act from 22 February 2018, including YMCA NSW.
The NDB scheme requires agencies and organisations to notify particular individuals and the Office of the Australian Information Commissioner (OAIC) if an ‘eligible data breach’ occurs. A data breach is eligible if it’s likely to result in serious harm (psychological, emotional, physical, reputational or other forms of harm) to any of the individuals to whom the information relates. The eligible data breach provision applies to the information outlined in subsections 1.1 and 1.2 of this policy:
1.6. Quality of personal information
We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete, up-to-date and relevant. However, the accuracy of that information depends on the information you provide to us.
We recommend that you:
We require staff and clients in some of our programs to update their details on a regular basis, or whenever they experience a change in circumstances. We will advise you if these requirements apply to you.
By signing or submitting paper documents or agreeing to the terms and conditions for the use of our electronic documents, you are consenting to the collection of any personal information you provide to us. By acquiring or using our services, products or facilities, you consent to the reasonable collection, use and disclosure of personal information.
2. Purposes for which we collect, hold, use and disclose personal information
To the extent practicable, we will take reasonable steps to notify you of the purpose for which we are collecting personal information at the time when we collect it.
We collect personal information for the following purposes:
3. Marketing and promotion of our services
Personal information that you provide to us may be placed on our internal database to enable us to advise you of the various products, services and events that we provide.
If you do not wish to be contacted regarding our other services, you can opt out of receiving those types of communications by instructing us using the contact details at section 8 of this policy.
4. Our website
If you visit our website and read or download materials we will receive information types
detailed in subsections 4.1 to 4.4, which will not be used to identify you personally.
4.1. Device information
To enable communication between your device and the server hosting our website, it is necessary for your web browser to provide your device's network address. This allows our web server to reply to the correct device. The browser type and operating systems which you use may also be recorded. We will not use this type of information to personally identify you.
4.2. Navigation and click-stream data
When you browse our website you generate a 'foot-print' or trail of the pages you have visited, the amount of data transferred and the time and duration of access. This information is recorded against the network address supplied by your web browser. We will not use this type of information to personally identify you.
4.4. Information logs
The information we collect about the use of our website is recorded in logs; logs are retained and used to manage our website. We use statistics drawn from these logs to help us to improve our website and to make it more interesting and relevant to browsers. The statistics also help us to determine market preferences for the services we offer. We may use statistics about the use of our website to promote our goods and services or to research market preferences and trends. No statistical information collected about the use of our website will be linked to your name, address or other identifier.
5. Disclosure of personal information
We hold, use and disclose personal information for the primary purpose for which it was collected as per section 1 of this policy. We may disclose personal information to the following kinds of third party organisations and individuals:
We do not disclose personal information about anyone under the age of 18 unless we have the prior written consent of a parent, career or guardian, or we are legally permitted or required to do so.
We will only use or disclose your personal information for secondary purposes where we are permitted to do so in accordance with the Privacy Act. This may include where:
5.1. Overseas disclosures of personal information
We may store your personal information in facilities supplied by our contractors that may be located outside of Australia, including our data hosting and cloud-based information technology service providers in Australia and overseas, for some of the purposes listed in section 1 of this policy. Those contractors do not disclose, share or on-sell your personal information. We take reasonable steps to ensure that our overseas contractors do not breach privacy obligations relating to your personal information.
6. Accessing and correcting your personal information
You have a right under the Privacy Act to access personal information we hold about you. You may also request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
To access or seek correction of personal information we hold about you, please contact us using the contact details set out in section 8 of this policy.
If you request access to or correction of your personal information, we will respond to you within a reasonable period of time (usually 30 days).
The APPs outline circumstances in which we may refuse to give you access or decline to correct your personal information. If we refuse to give you access or make corrections to your personal information, we will provide you with written notice that lists our reasons for refusing your request.
If you think we may have breached your privacy you may contact us to make a complaint. Contact details are set out at section 8 of this policy. Complaints should be made to us in writing.
We are committed to prompt and fair resolution of complaints and will ensure that your complaint is taken seriously and investigated. We will keep you informed throughout the investigation of your complaint and will provide you with a written response. We will usually provide you with a response within 30 days of receiving your written complaint.
If you are not satisfied with the way we have handled your complaint, you may contact the Office of the Australian Information Commissioner (OAIC) to refer your complaint for further investigation. The Information Commissioner may not investigate if you have not first brought your complaint to our attention.
Office of the Australian Information Commissioner:
Telephone 1300 363 992
Post GPO Box 5218, Sydney NSW 2001
8. Contact us
If you would like to:
Please contact our nominated Privacy Officer using the details below:
Telephone 02 9687 9425
Post Chief Risk Officer, YMCA NSW, P.O Box 1433, Parramatta NSW 2150
Any user of YMCA NSW services, programs or facilities including: children, young people, vulnerable adults, adults, families, parents, carers, guardians, and support workers.
Information, knowledge or communication that is not public knowledge (intended to be private) including, but not limited to:
Paid employees of YMCA NSW.
Any person YMCA NSW employs or engages. Includes: paid employees, volunteers, directors, contractors, consultants, and student placements.
Unpaid volunteers, unpaid directors and student placements.