Know your rights as a user of www.cnv.org.au.
Centre for Non-Violence Inc. (“CNV”) is committed to responsible privacy practices and compliance with the privacy principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”), the Privacy and Data Protection Act 2014 (Vic) (“PDP Act”), the Health Records Act 2001 (Vic) (“Health Records Act”), and other applicable legislation.
What kinds of personal information do we collect?
CNV only collects personal information which is necessary to provide services to you, or to comply with its legal and regulatory requirements.
Personal information is generally defined as information or an opinion about an identified individual, or an individual who is reasonably identifiable. The personal information which we may collect from you includes:
- contact details including your name, address, email address and telephone numbers;
- information contained in identification documents, such as your driver’s licence or passport;
- date and place of birth;
- information contained in referral forms, or obtained during the intake procedures and the provision of our programs and services;
- occupation, current/previous employer/s, and education/work history;
- financial and tax information; and
- Internet Protocol (IP) addresses.
Sensitive information is a strictly regulated subset of personal information. The sensitive information we may collect about you includes information about your racial or ethnic origin, health information such as any relevant illnesses, disabilities or injuries, your criminal record, your religious beliefs, and your sexual orientation.
Except as described in this section, we do not generally require you to disclose any sensitive information to us. If you do provide us with sensitive information for any reason, we will ask you to consent to us collecting that information and using and disclosing that information for the purpose for which you disclosed it to us, and as permitted by the Privacy Act and other relevant laws. We may disclose your sensitive information without your consent in limited circumstances, where required by law. For example, if the safety of you or your family may be at risk, we may share your sensitive information with certain entities under the Family Violence Information Sharing Scheme and the Child Information Sharing Scheme to help you manage that risk.
How do we collect your personal information?
We may collect personal information directly from you, or in the course of our dealings with you, for example when you:
- provide personal information to us, our agents or our sub-contractors;
- apply for a position of employment with us;
- use our website or services (including via cookies); and
- contact and correspond with us, for example through our feedback form or if you request access to information.
We may also collect personal information from third parties who we interact with when providing services to you (for example, health practitioners, Victoria Police, government departments including the Department of Families, Fairness and Housing, and other similar organisations).
We may use “cookies” and similar technology to collect certain information through our websites and other technology applications. The use of such technologies is an industry standard and helps to monitor how visitors use our website. We may use such technologies to generate statistics, measure your activity, improve the usefulness of our website, and enhance the “customer” experience.
Use & Disclosure
CNV may use or disclose your personal information in order to:
- provide our services and programs to you and/or your family;
- improve our services and programs;
- respond to a request for information, issue or complaint;
- contact you in relation to a current employment application or future employment opportunity;
- if you are a CNV employee, maintain your employee record and manage your employment with us (for example, by making payments to you or contacting you in the course of your employment);
- contact nominated referees when considering an employment application; and
- contact you for any of the above reasons, or in another capacity in which you have provided your contact details (for example, as a donor, supplier or referrer).
CNV is also permitted to use or disclose your personal information:
- for a secondary purpose that is related to the purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that purpose;
- where you have expressly or impliedly consented to the use or disclosure;
- as an Information Sharing and Risk Assessment Entity under the Family Violence Information Sharing Scheme; and
- where the use or disclosure is authorised or required by or under Australian law or court/tribunal order.
To whom do we disclose personal information?
We will only disclose your personal information to a third party when it is required to achieve the above purposes. This may include disclosing your personal information to the following types of third parties:
- our employees, contractors and other third parties that provide goods and services to us or otherwise assist us to provide our services and programs to you;
- any third parties to whom you have directed or permitted us to disclose your personal information (e.g. support workers or health care professionals);
- third parties that require the information for law enforcement or to prevent a serious threat to public safety;
- authorised Information Sharing Entities under the Family Violence Information Sharing Scheme;
- our accountants, insurers, lawyers, auditors and other professional advisers and agents;
- if you are a prospective employee, to our related companies and HR related service providers (e.g. for outsourced payroll processing); and
- as otherwise authorised or required by law.
Where we disclose your personal information to a third party we will use reasonable efforts to ensure that the third party only uses your personal information as reasonably required for the purpose we disclosed it to them, and in a manner consistent with the Privacy Act, the PDP Act and the Health Records Act.
Personal information will not be sold or otherwise transferred to unaffiliated third parties, or disclosed outside of Australia, without the express approval of the individual.
Storage & Security
We take reasonable steps to ensure your personal information is protected from misuse, loss, and unauthorised access, modification, or disclosure. Access to systems, applications, and the information we collect is limited to authorised staff members only. We store personal information on secure CNV or Victorian Government-controlled online servers and databases and/or in hard copy and implement reasonable physical and electronic security measures to protect any records that we hold which contain your personal information.
CNV will take reasonable steps to maintain and dispose of information in accordance with the Public Records Act 1973 (Vic) and other relevant legislation. Information that is retained will be archived in a certified, offsite high security storage facility. When personal information is no longer required it is destroyed in a secure manner. For more information, please refer to Records Management Policy Procedures.
However, except to the extent liability cannot be excluded due to the operation of legislation, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information. Please notify us immediately if you become aware of any breach of security.
Access & Correction
CNV takes care to ensure the information collected from you is accurate, up-to-date and complete. You may request access to, or correction of, documents that contain your personal information which are in our possession. We will only restrict this access, in part or full, when we have a good reason to do so which is allowed or required by law (such as to protect another person’s privacy or safety).
We require proof of identity before providing you with access. If you are trying to access someone else’s information because you are their authorised representative you will need to provide both proof of your identity and evidence of your authority.
CNV will take all reasonable steps to provide access to requested information within a reasonable period of the request being received (which should generally be no longer than 30 days). Where permitted by law we may charge an administration fee for granting access to your personal information.
If you wish to request access to, or the correction of, any personal information please request a copy of the CNV Request Form: Accessing/Correcting Personal Information or contact us using the details below.
We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving the relevant issue in a timely and efficient manner. Our target response time is 30 days. We request that you cooperate with us during this process and provide us with any relevant information that we may need. If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (www.oaic.gov.au).