Privacy Statement

Our Privacy Policy

The First Peoples’ Assembly of Victoria, its affiliates and agents (Assembly) is committed to protecting your privacy. The Assembly takes the responsibility of protecting and managing your personal information very seriously.

The Assembly is bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth) and the Information Privacy Principles in the Privacy and Data Protection Act 2014 (Vic). These Acts (Privacy Law) regulate how the Assembly collects, uses, discloses and handles personal information. In some circumstances, the Assembly may undertake contractual obligations to observe additional privacy obligations.

This Privacy Policy sets out how we manage your personal information, including sensitive information, and protect your privacy. From time to time, it may be necessary for us to review and revise this policy. We reserve the right to change this policy at any time. When we do so, we will post our updated Privacy Policy on our website, accessible at https://www.firstpeoplesvic.org/privacy-statement/ (Website).

Please note that this policy should be read together with any other privacy statement, including our Privacy Collection Notices, that we may provide to you when we collect your personal information.

Terminology

In this policy, the expressions we, us and our are references to the Assembly. The expressions you and your refer to individuals whose privacy information the Assembly may handle from time to time.

References to the terms personal information and sensitive information have the meaning used in the applicable Privacy Law. Broadly, personal information is any information about an individual who is identified or whose identity is reasonably ascertainable. It includes sensitive information, which is information about, for example, an individual’s racial or ethnic origin, political opinions and criminal record.

What personal information does the Assembly collect?

The Assembly will only collect personal information if it is relevant and reasonably necessary for us to carry out our work. Our work is primarily focused on progressing the Treaty process, including building public support and participation. The personal information which we may collect about you includes, but is not limited to, the following types of information:

  • your personal details, including your name, age, gender, date of birth, racial or ethnic identification;
  • your contact details, including home address, email address and telephone number; and
  • other information from which you are identifiable or reasonably identifiable

The Assembly may take photographs as part of its regular activities, including at community engagement events. You will be notified at the commencement of an event if photos will be taken and will be able to request to not have your photo taken.

Sensitive Information

The Assembly may collect your sensitive information, which is a subset of personal information. For example, we collect sensitive information through our application form for enrolment to vote in the Assembly’s elections. Your sensitive information will assist the Assembly to determine whether you are eligible to vote in an Assembly election or nominate as a candidate. We will obtain your consent when collecting sensitive information from you, except where otherwise provided by Privacy Law.

Anonymity

The Assembly will take all reasonable steps to comply with a request to communicate with us and engage in our activities on an anonymous basis. However, we may not be able to fully communicate with you or enable you to engage in all our activities if you do not provide us with the personal information requested. For example, you may not be eligible to enrol to participate in our elections processes unless you provide us with the required information.

How does the Assembly collect your personal information?

We collect personal information in a number of ways, including:

  • when you contact us via telephone, email, websites or other avenues;
  • through the completion of forms (for example, when you enrol as a candidate for an Assembly election or register to vote in an Assembly election);
  • by registering your interest or support for the Assembly, including joining our mailing list;
  • from our social media websites or applications; and
  • as part of our community activities and consultations.

The Assembly will usually collect personal information directly from you. However, we sometimes need to collect information from a third party. Where the Assembly collects personal information from a third party we will take such steps as are reasonable in the circumstances to notify you, or ensure you are aware, of that collection and the circumstances of collection.

Why do we collect personal information?

The Assembly collects and handles personal information for the purposes of carrying out our work, which is primarily to further the Treaty process.
The purposes for which we may collect personal information include, but are not limited to:

  • establishing and managing the Assembly’s Electoral Roll, including maintaining accurate and up-to-date Member contact information;
  • conducting the Assembly’s elections, including obtaining data insights as part of managing and promoting the Assembly’s elections and electoral processes;
  • managing candidate applications for Assembly elections;
  • organising and communicating about the Assembly’s community engagement events;
  • promotions and competitions we run from time to time, including to deliver giveaways and prizes;
  • sending news and information about our activities; and
  • consulting and seeking feedback on the Assembly’s work and the Treaty process more generally, including calls for submissions on particular issues.

Use and disclosure

We will normally use or disclose your personal information only for the purposes it was given to us and for a reasonably related secondary purpose, which the Assembly believes you should reasonably expect or to which you have consented.

As part of carrying out our functions and advancing the Treaty process in Victoria, we may need to disclose your personal information to other organisations, which may include:

  • agencies or companies providing management services in respect of the Assembly’s Electoral Roll;
  • bodies, including other Aboriginal Representative Bodies established under the Advancing the Treaty Process with Aboriginal Victorians Act 2018 (Vic), or otherwise established in connection with the Victorian Treaty process;
  • information technology service providers;
  • social media and other digital platform providers, communication or similar organisations that we engage with to facilitate our communications with Members and promote the Assembly’s elections and activities;
  • legal service providers; and
  • community service providers.

We may also be required to disclose your personal information where required by law, for example, in response to a subpoena.

We will ordinarily notify you to whom we will disclose your personal information at the time we collect the relevant information from you, subject to the exclusions set out in Privacy Law. We do not supply our database information to marketing organisations not acting on our behalf. We will take reasonable steps to ensure that the persons and organisations to whom we disclose personal information are bound to protect the privacy of that personal information.

Storage and security of the information we hold

We will take reasonable steps to protect the personal information that we hold from misuse, interference and loss, and from unauthorised access, modification and disclosure. We hold personal information in both hard copy and electronic formats.

The steps taken by the Assembly to ensure security include:

  • locked storage of paper records;
  • password-protected access rights to computerised records; and
  • only allowing authorised people to have access to your information.

We will only keep your personal information for as long we need it for the purposes described in this policy. Your personal information will be destroyed or de-identified when it is no longer required by us or our agents.

In the event that a data breach considered ‘notifiable’ under Privacy Law occurs, the Assembly will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC). A breach is defined as a data breach that is likely to result in serious harm to any of the individuals to whom the information relates. Serious harm could include serious physical, psychological, emotional and financial harm, as well as serious harm to reputation.

Access to and correction of personal information

We take reasonable steps to ensure that the personal information we hold is accurate and complete. If at any time you wish to access or update your personal information, you can do so by contacting our Privacy Officer (details set out below). We will allow access or make changes to your personal information unless we consider that there is a sound reason under Privacy Law to withhold the information or not to make changes.

For security reasons you will be asked to put your request in writing. The Assembly may require you to verify your identity and specify what information you require. The Assembly may charge a fee to cover the cost of accessing and/or updating your personal information.

If we cannot provide you with access to your personal information, we will provide you with a written notice to explain the reasons for refusal.

Links to third party websites and services

Our website includes links to pages and services provided by third parties. Where you access links to web pages or services that are outside our web domain you will be leaving our Website and going to a web page controlled by a third party. When you access such links, the Assembly’s privacy practices, and this policy, no longer apply to you or your personal information. Information collected on those third party websites will be managed in accordance with the third party’s own privacy policies.

Unless otherwise indicated, we:

  • do not endorse or authorise the content of any third party website;
  • are not affiliated or associated with the owner or operator of any third party website; and
  • assume no responsibility or liability for the condition or content of any third party website or for the operation or function of any service or facility offered on any third party website.

Google Analytics

Our Website uses Google Analytics to track certain activities by, and collect information about, visitors. Google Analytics anonymously tracks how visitors interact with the Website, including which websites they visited immediately prior to the Website, what they did on the Website and whether they completed any transactions on the Website, such as registering to receive our newsletter.

Our Website may collect technical data, which may include your IP address, the type of device you are using to access the Website, device attributes, browser type, language and operating system and other information such as the location from which you have come to the Website and the pages you visited prior to the Website. Our Website also uses cookies. Such data may qualify as personal information under Privacy Law, however it is not used to identify individual users of our Website.

For more information on how Google Analytics collects and processes data, see www.google.com/policies/privacy/partners

How to make a Complaint

If we collect and hold your personal information, you have a right to make complaint and have it investigated and dealt with in accordance with the complaints procedure set out below.

The procedure to make a complaint is:

  • the complaint is to be in writing and must be sent to the Privacy Officer;
  • the complaint must specify the details of the alleged breach;
  • the Privacy Officer will consider the complaint and make a determination within 45 days and will inform the complainant of the outcome in writing;
  • if the Privacy Officer determines that there has been a breach of Privacy Law by the Assembly, they will advise the relevant persons in writing of any action required to remedy the breach and if the breach is not remedied within 30 days the Privacy Officer is to be informed; and
  • the Assembly will maintain a record of all complaints and determinations and of the action taken to remedy any breach.

If you are unhappy with our response, you can refer your complaint to the OAIC. The Assembly will provide its full cooperation if this occurs.

Further information on privacy legislation may be obtained by contacting the Office of the Federal Privacy Commissioner. See the website: www.privacy.gov.au

Privacy Officer contact details

Privacy Officer
First Peoples’ Assembly of Victoria
Email: enquiries@firstpeoplesvic.org
Telephone: 1800 TREATY (1800 87 32 89) between 9am – 5pm Monday – Friday
Address: PO Box 4218, Fitzroy, Victoria 3065

 

Privacy Policy – PDF Version

Privacy Policy — PDF Version

Related documents

Privacy Collection Notice