OUR PRIVACY COMMITMENT
New Media Foundation Ltd is committed to protecting the privacy of the personal information we collect and receive. We recognise the importance of, and are committed to managing, any personal information that we collect in compliance with the Privacy Act 1988 (Cth), which includes the Australian Privacy Principles (these are referred to collectively in this policy as “Privacy Laws”).
We are also required to comply with other laws, including more specific privacy legislation in some circumstances and in some jurisdictions, such as:
- Spam Act 2003 (Cth) and Do Not Call Register;
- Notifiable Data Breaches scheme under Part IIIC of the Privacy Act;
- Applicable data protection laws of other jurisdictions, such as the European Union’s General Data Protection Regulation (“GDPR”).
WHAT IS PERSONAL INFORMATION?
The Privacy Laws define “Personal Information” as follows:
“information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.”
Personal Information means information that specifically identifies an individual, such as a person’s name, address, telephone number, mobile phone number, email address, image or credit card number as well as information about a person’s activities when using our website when it is linked with other information that would enable another user to identify the person.
Generally, we collect and hold the following types of personal information:
- Your name
- Your mailing or street address (if you choose to provide it)
- Your telephone number (if you choose to provide it)
- Your e-mail contact details
- Other information you may make publicly available online (including but not limited to on social media platforms)
- General transaction details (excluding bank account or credit card details) if you make a donation to us or choose to store details in your online profile; and
- Any other personal information which may be required in order to facilitate and where possible improve your details with us.
The Privacy Laws also define “Sensitive Information” as follows:
“Sensitive information is a subset of personal information where information or an opinion is about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, and or criminal record.”
INFORMATION WE COLLECT
PERSONAL INFORMATION WE COLLECT
For certain activities on our website, you will be asked to provide certain identifying information, including your name and email address. You understand that by submitting this information, we will be able to identify you.
We may also retain sensitive information, such as your religious and political opinions, which is a form of personal information, if you have chosen to provide that to us.
DEVICE INFORMATION WE COLLECT
OTHER INFORMATION YOU CHOOSE TO PROVIDE
Whenever you voluntarily disclose personal information on publicly-viewable screens or pages, that information will be publicly available and can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.
INFORMATION ABOUT OTHERS
You hereby give your express consent to for us to access, collect and store personal information about you and other people that is available to us when you log on to our website using your Facebook login or Twitter login. Access and use of this information is subject to the further terms and conditions displayed to you by Facebook or Twitter when you log in.
HOW WE USE YOUR PERSONAL INFORMATION
We collect, store and use your personal information through lawful and fair means, so we can perform our organisation’s activities and functions. We use your personal information to share information, send you communications, administer and manage our website, and raise funds in order to be able to continue to provide you with our services.
We also use your personal information to improve our services, customize services for you, better understand our users, diagnose and fix problems, monitor the use and performance of our website, and sell and display offers and ads that may be relevant to you.
DISCLOSURE OF YOUR PERSONAL INFORMATION TO OTHERS
Except as described below, we will not disclose any information that is obtained from you to third parties without your express written permission. What information we make available to other organizations depends on the nature of our relationships with them. We may disclose personal information, and you consent to us disclosing your personal information, to the following parties:
- Aligned Organizations: We may share your information with other organizations, groups, causes, campaigns or political organizations that we believe have similar viewpoints, principles or objectives to us.
- Analytics Companies: We allow analytics companies to use tracking technologies to collect information about our users’ computer and mobile devices and their online activities. These companies analyze this information to help us understand how our website is being used. Analytics companies may use device IDs, as described in the paragraph below (“Device IDs”). Unlike cookies, Device IDs cannot be deleted.
- Device IDs: In order to recognize you, store your preferences, and track your use of our website, we may store your Device IDs (the unique identifier assigned to a device by the manufacturer) when you use our website. Unlike cookies, Device IDs cannot be deleted.
- Aggregated Information: We may publicly disclose aggregated and anonymised information about our users, such as the total number of our users and their overall demographics.
- Legal matters: We may disclose any information in response to a legal request, such as a subpoena, warrant, court order, or government or regulatory authority demand; to investigate or report illegal activity; or to enforce our rights or defend claims.
- With Your Consent: If you consent to the use and disclosure of certain information, including information you enter during the registration process or while using the website, we may use and disclose that information in accordance with the consent you provided.
Unsolicited personal information is personal information the New Media Foundation Ltd receives that we have taken no active steps to collect.
We may keep records of unsolicited personal information if the Privacy Act permits it (for example if the information is reasonably necessary for one or more of our functions or activities). If not, our policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
EXPORT OF PERSONAL INFORMATION OUTSIDE AUSTRALIA
When you provide your personal information to us, you consent to the disclosure of your information outside of Australia (if applicable) and we will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with Australian privacy law.
By using the website and providing us with personal information about you, you consent to the disclosure by us, and to the storage and use of your personal information, in the United States of America where a different privacy protection regime applies.
EU GENERAL DATA PROTECTION REGULATION (EU GDPR)
This section relates to EU supporters specifically due to compliance with the EU GDPR. New Media Foundation Ltd complies with the GDPR framework regarding the collection, use and storage of personal data from EU member countries. Our legal basis for processing your personal information will typically be because data collected by us has been given consensually for a specific purpose, or because processing is necessary for pursuing a legitimate interest of the organisation.
Legitimate interests include but are not limited to collecting email addresses for communication purposes, financial information for payment purposes or placing cookies to remember passwords and user preferences etc.
All EU members and subscribers have a number of rights under the EU GDPR regulations. This includes:
- The right of access: you have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, you have the right to request and get access to that data.
- The right to rectification: you have the right to obtain from us the rectification of inaccurate personal data and you have the right to provide additional personal data to complete any incomplete personal data. This must be done in writing to confirm your identity.
- The right to erasure (“the right to be forgotten”): in certain cases, you have the right to obtain from us the erasure of your personal data. This must be done in writing to confirm your identity.
- The right to the restriction of processing; you can block or restrict the processing of your personal data.
- The right to object to processing; let us know if you are receiving any material that you’re not happy about and we will do our best to ensure you don’t get it again.
- The right to Data Portability: you can request a copy of your personal data in electronic format and transmit that personal data for use in another party’s service.
- Right not to be subject to Automated Decision-making; you have the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
NOTIFIABLE DATA BREACHES
New Media Foundation Ltd will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information. New Media Foundation Ltd has obligations to its users who reside in Australia (under the Privacy Laws) to put in place security safeguards and take steps to protect the personal information we hold.
In order to prevent unauthorised access to or disclosure of Personal Information, we have taken steps to put in place suitable physical, electronic and managerial procedures to safeguard and secure Personal Information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. However, no system is ever completely secure.
Under the Notifiable Data Breach Scheme (as part of the Privacy Act 1988) (“the Scheme”), we have obligations to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals when an eligible data breach occurs.
An “eligible data breach” is a breach in relation to which the following criteria is satisfied:
- There is an unauthorised access to or unauthorised disclosure of personal information or a loss of personal information that an entity holds;
- This is likely to result in serious harm to one or more individuals;
- The entity has not been able to prevent the likely risk of serious harm with remedial action.
We will act in accordance with the requirements of the Scheme and the guidance of the OAIC in assessing and responding to suspected notifiable data breaches. If we have reasonable grounds to suspect the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach, or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.
If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
ACCESS TO YOUR PERSONAL INFORMATION
We may charge you a reasonable fee for the cost of providing access to your personal information. We will notify you of the fee once you make a request.
CORRECTION AND DELETION OF YOUR PERSONAL INFORMATION
We will investigate your complaint and determine the steps (if any) we will take to resolve your complaint. If you are not satisfied with our determination, you may contact the Office of the Australian Information Commissioner (www.oaic.gov.au).
DEACTIVATING YOUR ACCOUNT
HOW TO CONTACT US
New Media Foundation Limited (ABN 28 113 716 153)
L1 488 Botany Road
Alexandria NSW 2015