Privacy Policy

1. Introduction The Australian Defence Force Assistance Trustee Company Proprietary Ltd (ADFAT Co Pty Ltd) is the trustee of the Australian Defence Force Assistance Trust (The Trust).

1.1. Purpose ADFAT Co Pty Ltd (The Company) complies with the Australian Privacy Principles (APP) in the Privacy Act 1998 (Cth) which sets out standards, rights and obligations in relation to handling, holding, accessing and correcting personal information.

1.2. Definitions “Personal information” for the purposes of the Privacy Act and this Policy means any information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not, and
• whether the information or opinion is recorded in a material form or not.

“Sensitive information” for the purposes of the Privacy Act and this Policy includes: (a) information or an opinion about an individual’s: (i) racial or ethnic origin; or (ii) political opinions; or (iii) membership of a political association; or (iv) religious beliefs or affiliations; or (v) philosophical beliefs; or (vi) membership of a professional or trade association; or (vii) membership of a trade union; or (viii) sexual orientation or practices; or (ix) criminal record; that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; or (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e) biometric templates.

1.3. Authority The Board has approved this Statement of Policy in accordance with its powers and duties as per Clause 11 of the Constitution of the Australian Defence Force Assistance Trustee Company Pty Ltd (ADFAT).

1.4. Review and Update This Statement of Policy is to be reviewed and updated at least annually. Subject to the significance of changes in the Corporations Law 2001, the Australian Charities and Not-for-Profits Commission Act 2012, the Trust Deed, Constitution of ADFAT and other relevant statutory and contractual requirements, more regular revision and update may be warranted.

2. Relationship to the Group’s Governance Charter This Statement of Policy for Privacy is one element of the Group’s approved Governance Charter. That Charter is the instrument that sets out the overarching philosophy, content and structure of the Governance, Risk and Compliance framework for the Group.

3. Privacy Policy 3.1. Acceptance of Privacy Policy This Privacy Policy applies to the personal information about you that the Company receives. By providing the Company with personal information you agree to the collection, holding, use and disclosure of your personal information in the manner described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy please contact the Company immediately and, in the meantime, refrain from providing the Company with any personal information.

3.2. Kinds of personal information that the Company collects and holds, and the purpose of collection The Company collects and holds personal information (and in some cases sensitive information) relating to:

• applicants seeking financial assistance from the Trust,
• Company employees and contractors,
• donors and sponsors,
• Company directors,
• enquiries received by the Company, and
• the Company’s contractors and suppliers, including for Company events.

Applicants Broadly, the Company collects personal information from applicants where it is relevant to discharging its obligations as trustee of the Trust. This personal information includes the names, addresses, contact details, date of birth, gender, occupations, employment histories, family backgrounds, referees and personal references, awards and achievements and financial records of individuals who have made application to the Company for financial support from the Trust. The information which the Company collects and holds may include some types of sensitive information, as required in order for the applicant to explain their personal history, background or financial situation. Company employees and contractors The Company collects and holds personal information about staff, who are employed by it to work in the administration and in support of the Company and the Trust, for the purposes of staff recruitment, performance management and professional and personal development, as well as general staff administrative functions such as payroll operations. This personal information may include an employee’s name, address, contact details, date of birth, gender, qualifications, occupation, employment history, next of kin, tax file number and banking details, performance agreements and appraisals, performance records, salary and allowances, superannuation details, leave details, references and character checks and security clearances. Similarly, the Company collects and holds personal information about the contractors and suppliers who are engaged by it to provide goods and services under a contract. The information relates to individual contractor and supplier businesses, and the employees of those businesses. The purpose of the information is to enable the Company to select contractors and suppliers that are assessed as offering the best value for money to it, and to effectively manage its contracts with contractors and suppliers. This personal information may include the contractor/supplier name, address, contact details, ABN, previous projects undertaken, financial background, references, contract details, payment details, security checks and performance assessments.

3.3. How the Company collects personal information The Company collects only the information needed for the particular function or activity related to the administration of the Company or the work of the Trust. Where it is reasonably practicable to do so, the Company collects this information directly from the applicant, employee or individual concerned, or an authorised person acting on their behalf. Applicants to the Trust provide the Company with personal information to enable assessment of their application and to take appropriate action in accordance with the terms of the Trust. Personal information may also be collected indirectly or from other sources, such as the Department of Defence, the Department of Veterans Affairs, Ex-Service Organisations or representatives or from public records for this purpose. If this occurs, we will notify you accordingly. The Company requests prospective employees to provide certain personal information to it as part of its recruitment process. New employees provide further personal information on joining the Company, which is added to during the normal course of their employment. Contractors and suppliers provide personal information to the Company as part of procurement processes. They provide further personal information in giving effect to their contract. The Company may also collect information about an individual from a third party such as a contracting company or from a third party service provider such as its recruitment management service provider. The Company may also receive third party personal information through its employees and contractors including details of family members and next of kin. The Company also collects personal information from donors when they make a donation (including online through the Company’s website) and when individuals contact the Company to make an enquiry (including online through the Company’s website).

3.4. Visiting the Company’s website When an individual looks at the Company’s website, the server makes a record of their visit and logs the following information:

• the server address;
• the top level domain name (for example.com; .gov ; .au ; .uk);
• the date and time of the visit to the site;
• the pages accessed and documents downloaded;
• the previous site they visited; and
• the type of browser used.

This information is collected to facilitate website and system administration, including monitoring to prevent security breaches, and to facilitate enhancement of the website. The Company does not attempt to identify users or their browsing activities except in the unlikely event of a criminal investigation, for example, if a law enforcement agency has issued a warrant to inspect our server’s logs. We do not use cookies when people make general visits to our website. External sites that are linked to or from the Company website are not under our control and people are advised to view their privacy statements separately. The Company will not be liable for the use of those websites.

3.5. How the Company holds personal information The Company uses a range of physical and electronic security measures to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These measures include restricted physical access to the Company’s offices, security containers, firewalls, secure databases, computer user identifiers and passwords. Please note however that the internet is not a secure environment and although care is taken, the Company cannot guarantee the security of information provided to it via electronic means.

3.6. How the Company uses and discloses personal information The Company uses and discloses personal information for the primary purpose for which it was collected and held, namely to enable it to discharge its obligations under the Trust and relevant law. Such disclosure occurs to facilitate internal decision making and, when required in accordance with the law, the Company may also share personal information with other agencies, bodies or persons including government agencies or regulatory bodies. Subject to any restrictions imposed by any relevant legislation, the Company may also disclose your personal information to:

The Company’s suppliers, service providers, professional advisers and agents including the following service providers: – professional advisors such as lawyers, accountants and auditors; – providers of systems for recruitment management; – data storage providers; – delivery supply contractors;

• to anyone to whom the Company’s assets or business (or any part of it) is transferred or to whom a security interest in the Company’s assets or business is provided;
• to any new trustee appointed to the Trust;
• where necessary to protect the rights or safety of any of its employees or a third party;
• where an individual to whom the personal information relates has consented to the disclosure; or
• where otherwise required or permitted by law.

The Company may also use and disclose personal information for reasonably expected secondary purposes directly related (for sensitive information) or related (for other personal information) to the primary purpose of collection, or for other purposes permitted under the Privacy Act. The Company will not use or disclose personal information for a secondary purpose (i.e. a purpose other than the primary purpose for which the information was collected and held) unless permitted in accordance with exceptions under the Privacy Act. The Company will not disclose personal information to a person located overseas, unless in the unlikely circumstances it is required, for example, in order for the Company to discharge an obligation in administering the Trust. If such circumstances arise the Company will comply with APP 8 (cross-border disclosure of personal information).

3.7. Email subscription Where our website allows you to subscribe to email updates, we will collect your name and email address from our website. We use this information only for the purpose of sending you regular updates on the activities and work of the Company, and to administer the lists. We store this personal information on servers located in Australia. You may unsubscribe from receiving these materials at any time by contacting us on the details provided at the end of this Privacy Policy or by electing to opt-out when you receive the materials.

3.8. Access to personal information held by the Company Individuals have a right under the Privacy Act to request access to personal information that we hold about them, and to request it to be changed or annotated if it is incomplete, incorrect, out of date or misleading. If you wish to access or correct your personal information, please contact us using the contact details at the end of this Privacy Policy. Where an individual requests access to personal information, the Company may need to verify the individual’s identity before providing such information. It may not be possible for the Company to provide the individual with all of his or her personal information or an exemption under the Privacy Act may apply. In such circumstances the Company will provide the individual with the reasons for not being able to supply the information.

3.9. Correction of personal information held by the Company The Company endeavours to ensure that personal information that is collected and held is accurate, up-to-date, complete, relevant and not misleading. However, if an individual is able to establish that information held by the Company about them is not correct, reasonable steps will be taken to amend it. In the event that the Company is unable to substantiate a proposed correction, reasons for refusal to amend the information will be provided, and a record of our reasons and the individual’s contrary view will be placed on Company files.

3.10. Retention of personal information The Company retains personal information for 7 years.

3.11. Complaints about a breach of privacy If an individual wishes to complain about the way the Company handles their personal information, including if the individual believes the Company has breached the Privacy Act, they are encouraged in the first instance to submit their complaint in writing to the Privacy Contact Officer (see below). If a complaint is made please include your name and contact details, such as an email address and telephone number and clearly describe the complaint. The Company will endeavour to respond within 30 calendar days of receiving the complaint. Under the Privacy Act, the Australian Information Commissioner has the power to investigate complaints, or acts or practices that may be a breach of privacy even if there is no complaint. If an individual has made a complaint to the Company about a Company practice which they think amounts to an arbitrary or unreasonable interference with their privacy, and they do not believe that the matter has been resolved satisfactorily, they should write to the Office of the Australian Information Commissioner (OAIC), preferably using the online Privacy Complaint form. Further information about making a privacy complaint to the OAIC is at: https://oaic.gov.au/privacy/making-a-privacy-complaint. Individuals are able to make a complaint directly to the OAIC rather than to the Company. In most cases, however, it is likely that the OAIC would refer the individual to the Company, in the first instance, to see if the complaint can be resolved without requiring the involvement of the OAIC.

3.12. Periodic Update of this Policy The Company will periodically review the policy and may modify or update it from time to time. The Company encourages individuals to check the Privacy Policy periodically to ensure they are up to date with any changes. The Company welcomes comments from individuals. Comments should be emailed to the Privacy Contact Officer noted below. Updated versions of this Policy will be placed on the Company’s website.

For Further information To find out more about how the Company manages personal information, contact – Privacy Contact Officer Australian Defence Force Assistance Trust. Level 18, 1 Nicholson St, East Melbourne, Victoria, 3002 T: 1800 BRAVERY (1800 272 837)
E: admin@braverytrust.org.au