Last reviewed July 2020
In the course of its activities, Oaktree collects personal information from a range of individuals including donors, staff members, volunteers, board members, contractors and event participants.
Oaktree will endeavour to handle your personal information in accordance with this Policy and the Australian Privacy Principles (‘APPs’).
At times, Oaktree collects personal information. Some examples include:
Oaktree will only collect, hold, use and disclose this information with your informed consent, or where required by law.
In most of these cases, Oaktree will ask you directly for information (for example, requesting you to complete a donation form or a medical form). Often, to enable our operations, we will need a certain amount of information; for instance, we cannot give you a tax receipt without your name or email address.
You have the right to deal with Oaktree anonymously, unless otherwise required by law.
Some of the information is collected automatically or from another source.
There are a number of technological measures that we use to collect information. Oaktree may:
(a) Use “cookies” provided by third parties to help us better understand how people arrive at and use our website and social media platforms;
(b) Collect IP addresses to better understand where our traffic is coming from, and to provide customised services to supporters;
(c) Use third-party services such as Google Analytics.
This helps Oaktree understand traffic patterns, detect problems and improve functionality with our websites; and (d) Use embedded images in emails to track open rates for its mailings, so that Oaktree can tell which mailings appeal most to its supporters.
URLs contained in emails may contain an ID that enables us to correctly identify the person who takes an action using a web page. We use these URLs to simplify the process of signing petitions and filling out surveys.
In order to raise awareness, fundraise and engage with the public, we need to collect personal information. Oaktree will typically use your personal information to:
(a) Process donations;
(b) Email Oaktree related information, updates and opportunities we think will interest you;
(c) Respond to any questions, comments, queries or concerns;
(d) Request feedback to improve our services and processes;
(e) Update your history and engage and support of Oaktree;
(f) Analyse donor activity; and
(g) Direct social media advertising to you about campaigns you may be interested in.
When you engage with Oaktree on social media platforms such as Facebook, Instagram or Twitter, we may use your personal information, such as your email address, to get in touch. By accessing our website or app settings, you can control how Oaktree contacts you in the future, or alternatively, you can choose to opt-out by emailing firstname.lastname@example.org.
Oaktree endeavours to use ethical practices when sourcing and using information.
Oaktree will only disclose your personal information to an external party when it is necessary. For example, employee contracts are disclosed to external parties for the purposes of an audit. We will take reasonable steps to ensure that these parties deal with any personal information appropriately. These reasonable steps could include:
(b) Keeping the information anonymous where possible; or
(c) Reviewing the external party’s policies regarding privacy and confidentiality.
Whether it be online or in hard copy, when we collect your information we endeavour to do so through a secure response form. We will take appropriate security measures to protect against unauthorised access to your personal information.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While Oaktree strives to protect personal information, it cannot guarantee the security of any information received. As such, provision of such information is done at your own risk. Once your transmission is received, Oaktree will take all reasonable steps to ensure its security and integrity.
Most of the information you give to us will be stored in our online supporter database, NationBuilder. There are strict NationBuilder terms of service, which are available here. Oaktree will also ensure the protection of information stored on NationBuilder by restricting access to authorised persons only and by creating different levels of access. Information may also be stored on Oaktree’s cloud systems, such as Google Drive and Dropbox.
Information on these cloud systems are also protected by the standard security processes outlined below.
Oaktree uses industry standard security technology, as well as industry standard security practices, to protect personal and confidential information that we receive and to prevent that information from being accessed by unauthorised persons. These practices include:
(b) Secure Sockets Layer
(SSL) which encrypts information;
(d) Limiting access to storage networks to Oaktree Representatives whose roles require such access.
If you send us your personal information when we don’t ask for it, we will determine whether or not it would have been permissible to collect that information if we had asked for it. If we find that the collection would not have been permissible, we will destroy or de-identify that information as soon as practicable. If we find that that the collection would have been permissible, then we will treat the information in accordance with this policy.
Oaktree will also destroy or de-identify information that is no longer needed.
If you have supplied us with sensitive or health information, Oaktree will not use or disclose it for anything other than what you have consented to. This is subject to any legal requirement of disclosure.
Oaktree takes the transfer of payment information very seriously. In the case of payment or card details, Oaktree will take special care to ensure that third-party service providers are Payment Card Industry Data Security Standard compliant.
Where a donor requests for their donations to be anonymous, the information required to process the donation will still be stored via the processes outlined in this policy. However, the donor’s name will not be publicly listed.
Oaktree owes a duty of care to all volunteers, contractors and visitors who use or engage with Oaktree’s facilities and workplaces.
To meet our duty of care for all individuals, we will retain sensitive medical information on your behalf to make sure you are not put at an elevated health and safety risk.
This will ensure that Oaktree can implement specific safeguards to limit or prevent you from being adversely affected by foreseeable health and safety risks. Should there be any time you feel unsafe or at risk in the workplace, please feel free to contact your relevant team manager or State Director to discuss your specific needs or requirements.
In the event that you resign from Oaktree, we will destroy your medical information within a 7-year time frame.
Oaktree often needs to collect information from children (anyone under the age of 18) such as where a child engages in Oaktree events and campaigns. All underage information will not be disclosed elsewhere by Oaktree without prior parental guardian consent. Underage personal information will be stored on NationBuilder and secured in the same manner as other personal information.
Oaktree acknowledges that children are a vulnerable part of the community and that their sensitive information should be treated with care. The following processes should be undertaken regarding underage sensitive information:
(a) It should be stored separately from other sensitive information, for example being stored in a different online folder; and
(b) After the event’s conclusion, all underage sensitive information should be destroyed within a reasonable period of time.
In the event that Oaktree does disclose personal information about you to an overseas recipient, such as a partner organisation, Oaktree will take such steps as are deemed reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information. Such steps could include:
(b) Investigating the overseas recipient’s privacy practices;
(c) Suggesting implementation processes in line with the APPs; or
We will take all reasonable steps to ensure any personal information we collect, use or disclose is up to date and accurate. Your personal information is only held by Oaktree for as long as the information remains relevant to the purpose for which it was collected.
If you believe that the personal information we hold about you is not up to date or accurate, you may ask us to correct it. You may also ask us to provide you with details of the personal information we hold about you, and copies of that information.
You can manage and update your information by getting in touch with a member of our team via email to Oaktree’s Director of Legal at email@example.com. We will respond to your request within 7 days of receipt of your request.
If you wish to make a complaint about a breach (or alleged breach) by Oaktree of this Policy or of the Australian Privacy Principles, you can email the Director of Legal at firstname.lastname@example.org.
In the event that you are not satisfied with the action undertaken by Oaktree, you may contact the Office of the Australian Information Commissioner whose details can be found at www.oaic.gov.au.