The Oaktree Foundation Australia (‘Oaktree’) considers privacy and data
protection to be important matters. Oaktree will endeavour to handle your personal information in accordance with this Policy and the Australian Privacy Principles (‘APPs’).
Whether you’re a donor, program participant or volunteer, we regularly ask for information that helps keep us engaged with you.
Here are some examples of personal information we commonly collect:
Personal details, for example, your name or date of birth
How you supported or interacted with Oaktree in the past
Notes from conversations with Oaktree representatives
Oaktree also collects sensitive and health information. For instance, where you disclose a political opinion or affiliation, or where you complete a medical form to participate in an Oaktree event, you are providing Oaktree with more detailed information. We will only collect, hold, use and disclose sensitive and health information with your consent, or where required by law.
In most of these cases, Oaktree will ask you directly for information (for example, requesting you to complete a donation form or a medical form). Often, to enable our operations, we will need a certain amount of information; for instance, we cannot give you a tax receipt without your name or email address.
Some of the information is collected automatically (for example, when you ‘like’ a post of Oaktree’s on social media), or from another source (like certain confidential payment details that pass through third-party service providers).
There are a number of technological measures that we use to collect information. Oaktree may:
URLs contained in emails may contain an ID that enables us to correctly identify the person who takes an action using a web page. We use these URLs to simplify the process of signing petitions and filling out surveys.
In order to raise awareness, fundraise and engage with the public, we need to collect personal information. Oaktree will typically use your personal information to:Process donations;
Oaktree will only disclose your personal information to an external party when it is necessary. We will take reasonable steps to ensure that these parties deal with any personal information appropriately. These reasonable steps could include:
When running joint petitions with other organisations, Oaktree will ensure that anyone contributing to the petition is informed about how and with whom their information will be shared (e.g. other organisations, who the petition is targeted at). Where possible, this information will be limited to name and postcode.
Whether it be online or in hard copy, when we collect your information we endeavour to do so through a secure response form. We will take appropriate security measures to protect against unauthorised access to your personal information.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While Oaktree strives to protect personal information, it cannot guarantee the security of any information received. As such, provision of such information is done at your own risk. Once your transmission is received, Oaktree will take all reasonable steps to ensure its security and integrity.
Most of the information you give to us will be stored in our online supporter database, NationBuilder. There are strict NationBuilder terms of service available here. Oaktree will also ensure protection of information stored on NationBuilder by restricting access to authorised persons only and by creating different levels of access. Information may also be stored on Oaktree’s cloud systems, such as Google Drive and Dropbox. Information on these cloud systems are also protected by the standard security processes outlined below.
Oaktree uses industry standard security technology, as well as industry standard security practices, to protect personal and confidential information that we receive and to prevent that information from being accessed by unauthorised persons. These practices include:
If you send us your personal information when we don’t ask for it, we will determine whether or not it would have been permissible to collect that information if we had asked for it. If we find that the collection would not have been permissible we will destroy or de-identify that information as soon as practicable. If we find that that the collection would have been permissible, then we will treat the information in accordance with this policy.
Oaktree will also destroy or de-identify information that is no longer needed. Examples of information that is no longer needed include:
If you have supplied us with sensitive or health information, Oaktree will not use or disclose it for anything other than what you have consented to. This is subject to any legal requirement of disclosure.
Oaktree takes the transfer of payment information very seriously. In the case of payment or card details, Oaktree will take special care to ensure that third-party service providers are Payment Card Industry Data Security Standard compliant.
Where a donor requests for their donations to be anonymous, the information required to process the donation will still be stored via the processes outlined in this policy. However, the donor’s name will not be publicly listed.
Oaktree often needs to collect information from children (anyone under the age of 18) such as where a child engages in Oaktree events and campaigns. Information collected includes personal information, sensitive information and parental consent forms. All underage information will not be disclosed elsewhere by Oaktree without prior parental guardian consent.
Underage personal information will be stored on NationBuilder and secured in the same manner as other personal information.
Oaktree acknowledges that children are a vulnerable segment of the community and that their sensitive information should be treated with care. The following processes should be undertaken regarding underage sensitive information:
In the event that Oaktree does disclose personal information about you to an overseas recipient, such as a partner organisation, Oaktree will take such steps as are deemed reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information. Such steps could include:
We will take all reasonable steps to ensure any personal information we collect, use or disclose is up to date and accurate. Your personal information is only held by Oaktree for as long as the information remains relevant to the purpose for which it was collected.
If you believe that the personal information we hold about you is not up to date or accurate, you may ask us to correct it. You may also ask us to provide you with details of the personal information we hold about you, and copies of that information.
You can manage and update your information by getting in touch with a member of our admin team on (03) 9428 8577 or via email at email@example.com. We will respond to your request within 7 days of receipt of your request.
If you wish to make a complaint about a breach (or alleged breach) by Oaktree of this Policy or of the Australian Privacy Principles, you can call us on (03) 9428 8577 or email the Director of Legal at firstname.lastname@example.org.