NOT FOR PUBLICATION – This material is a stick in the sand for use as required by the Westmont Foundation Committee
Westmont Foundation is committed to responsible and respectful use and protection of personal information, in compliance with the Australian Privacy Principles of the Privacy Act 1988 (Cth) and all Codes that apply to CBM Australia.
Applicable Codes include the Australian Council for International Development (ACFID) Code of Conduct, the Fundraising Institute of Australia (FIA) Code of Conduct, and the Westmont Aged Care Services Ltd Privacy Statement.
Personal information held by Westmont Aged Care Ltd is principally provided directly by family, residents or staff and those wishing to donate.
Westmont Aged Care Ltd does not sell, rent or swap personal data to or from third parties. Infrequently, Westmont Aged Care Ltd. may obtain personal data, which is not publicly available, from third parties; for example via a third-party survey. Westmont Aged Care Ltd. will then take reasonable steps to advise of that collection, acting always in accordance with the Australian Privacy Principles.
Regardless of source, personal identity is kept confidential, and any personal information an individual or organisation chooses to provide to Westmont Aged Care Ltd is only used for the purposes outlined in this policy.
Personal information held by Westmont Aged Care Ltd may include:
- Contact information (such as name or pseudonym, date of birth, phone numbers, mailing addresses and email addresses);
- Supporter number (each Westmont Aged Care Ltd supporter is allocated a number to assist Westmont Aged Care Ltd in the processing of contact and donation information and to enhance confidentiality);
- Payment information (as needed to securely process donations and issue receipts and to answer queries from supporters about their own donation history);
- Supporter preferences (such as communication preferences or areas of interest);
- Communications with supporters, which may contain further personal information.
Westmont Aged Care Ltd may also hold sensitive information which a person chooses to provide to Westmont Aged Care Ltd, such as information relating to health, religious affiliation, or ethnicity. For workplace participants, including volunteers, sensitive personal information includes police check records.
Westmont Aged Care Ltd holds personal information in order to engage and raise awareness with the public. Westmont Aged Care Ltd uses personal information primarily to:
- Provide supporters with a quality experience;
- Communicate with supporters;
- Process donations;
- Record non-financial support/contributions;
- Enable security checks;
- Analyse our effectiveness, including through surveys and market research; and
- Recruit and relate to workplace participants, partners and contractors
Where personal data is used to communicate by post, email or phone, Westmont Aged Care Ltd will maintain awareness of the opportunity to opt-out of receiving such communications. Contact with a prospective supporter will include information on how to opt out. Information is also provided to existing supporters as to how to change frequency of communications/updates received from Westmont Aged Care Ltd.
If a person does not opt-out, Westmont Aged Care Ltd will assume their implied consent to receiving further communications.
Occasionally, Westmont Aged Care Ltd works with overseas suppliers to reduce overhead costs. This can include activities such as printing, data analysis and digital communications. Where such activities require disclosure of personal information, Westmont Aged Care Ltd takes all reasonable steps to safeguard that personal information in compliance with Australian law.
Westmont Aged Care Ltd takes all reasonable steps to ensure that personal information held and used by Westmont Aged Care Ltd is accurate, relevant and up-to-date.
Westmont Aged Care Ltd does not disclose personal information to other organisations or other individuals (except in limited, consenting or legally required, circumstances).
Westmont Aged Care Ltd does not charge for access to personal information. Any request for access, or to seek to correct information can be made to Westmont Aged Care Ltd via phone (free call), post (Westmont Aged Care Ltd 265 Baranduda Boulevard, Baranduda VIC 3691) or email (email@example.com). A request may reasonably be required to be in writing, both for security reasons and to enable sufficient confirmed detail for Westmont Aged Care Ltd to process a request. On request, Westmont Aged Care Ltd will also disclose the source of personal information held. All requests are subject to any applicable legal restraints.
Westmont Aged Care Ltd maintains a designated Quality Officer who is responsible for investigating any complaints or concerns any person may have about Westmont Aged Care Ltd’s protection of their privacy.
Westmont Aged Care Ltd does not charge for any complaint lodgement.
If a complainant is not satisfied with Westmont Aged Care Ltd’s response, the complainant may refer the matter to the Australian Privacy Commissioner and Westmont Aged Care Ltd will co-operate fully with any resulting process.
Westmont Aged Care Ltd is fully committed to the sustained security of personal, including financial, data entrusted by stakeholders. Westmont Aged Care Ltd’s internal ICT systems are fully compliant with the security requirements of the Payment Card Industry Data Security Standard (PCI DSS). Online donations to CBM Australia are processed in real time using a secure and compliant payment gateway.
As part of Westmont Aged Care Ltd’s commitment to openness about privacy practices, and in accordance with the Privacy Act, Westmont Aged Care Ltd maintains a data breach response plan. This plan covers how Westmont Aged Care Ltd will detect and notify (both affected persons and the Australian Privacy Commissioner) regarding any serious data breaches, regardless of cause. Westmont Aged Care Ltd will carry out reasonable, fair, and prompt assessment of whether an incident is a reportable data breach. This careful management has an important preventative aim as well as maintaining the highest standards of care in response should Westmont Aged Care Ltd experience successful cyber-attack or other misuse of, or interference with, Westmont Aged Care Ltd’s secured data.
This policy is implemented through Board and staff management processes and regular self-assessment review.
The Board and management of Westmont Aged Care Ltd are fully committed to the principles of this policy. Any breach of strategic significance or any material risk associated with this policy will be reported to the Board in a timely manner.