Add to collection(s) Add to saved
  1. Social Science
  2. Law

How we use your Personal Information

advertisement 
SmartyGrants Privacy Policy
(Grantmakers)
This Privacy Policy relates to Our Community and its related entities and related bodies corporate
(collectively referred to as “we”, “us” and “Our Community”). Our Community operates the grant
management system called SmartyGrants, which is accessible through multiple sites on the
Internet domain smartygrants.com.au (“SmartyGrants Sites”).
For the purposes of this policy, “Personal Information” means information or an opinion about an
identified individual, or an individual who is reasonably identifiable.
This Privacy Policy explains how we handle your Personal Information that you provide to us in any
way including through SmartyGrants.
SmartyGrants is used by “Grantmakers” (people and organisations who manage grant programs
and build forms for Applicants to submit online) who are referred to here as “you”, “your”
and grantseekers, (people who fill in the forms created by Grantmakers) who are referred to here
as “Applicants”.
We take our obligations under the Privacy Act 1988 (the “Privacy Act”) and the Australian Privacy
Principles (“APPs”) very seriously. We are committed to maintaining the confidentiality and
security of your Personal Information and managing it in an open and transparent way. To achieve
this we have implemented practices, procedures and systems to ensure we comply with the
Privacy Act.
This policy may change periodically so please check back on a regular basis via the link on our
website [insert link to Privacy Policy]. Alternatively if you would like a free copy sent to you or you
have comments or questions regarding this Privacy Policy, please contact us using the details
provide at the end of this document.
Last updated: 6 February 2014
Table of contents
Key privacy points: The stuff you really care about ......................................................................... 3
Summary table: what we share with whom ..................................................................................... 3
The collection of personal and sensitive information ....................................................................... 4
What data is collected and how....................................................................................................... 6
How we use your Personal Information ........................................................................................... 8
Who controls the data and how you can access it or correct it ........................................................ 9
How we store your data and when we destroy it ........................................................................... 10
Information disclosed to people outside of Australia...................................................................... 11
Details of direct marketing............................................................................................................. 13
What you are agreeing to by using SmartyGrants ......................................................................... 14
SmartyGrants Privacy Policy (Grantmaker)
1
SmartyGrants Privacy Policy (Grantmaker)
2
Key privacy points: The stuff you really care about
1. Customer Data is stored on servers located in Australia. We collect different types of
date (we explain the difference types below), but to be clear your Customer Data, which is
the data you enter into the system and includes the submissions you receive from
Applicants, is stored on servers located in Australia and we do not transfer this data
offshore for processing.
2. We don’t sell your data your data to third parties. We treat all information collected as if
it were private. We don't sell the information to anyone and we don't use the responses
Grantmakers receive or that Applicants fill out for our own purposes, except in a limited set
of circumstances outlined in this Privacy Policy (for example: if we are compelled to by a
law or if you've made parts of your submission public).
3. We do share some data with trusted service providers. In order to manage and improve
SmartyGrants we use a number of third party service providers; for example, we may use
Google to manage our email. See the summary table below for details about what we share
and with whom and for what purposes. Please note that a number of these service
providers are located outside of Australia and that the data we pass to them will therefore
be processed outside of Australia.
4. SmartyGrants forms are administered by Grantmakers. You may create any form
required to administer your grants programs. SmartyGrants hosts these forms and collects
the responses Applicants submit to Grantmakers. Applicants will contact you directly if they
have any questions about forms they are completing, as we are not responsible for the
form’s content, nor an Applicant’s response to it. Of course, if you have a privacy policy of
your own, you will want to ensure your use and control of Applicants’ information complies
with it.
5. The Applicant owns the data until they submit it; and Grantmakers must be clear on
this. Until an Applicant submits a response to a form to you, the contents of the response
belong to the Applicant. You have no right to view the contents of an unsubmitted response
unless Applicants explicitly give you access. Once a response to a form is submitted, it then
becomes subject to your own privacy policy.
6. Anonymity and pseudonymity: You are free to browse SmartyGrants anonymously.
However, to login into the SmartyGrants service you or an organisation you work with must
register an account using your actual name and email address. It is impractical for us to
manage and provide support for SmartyGrants where individuals have either not identified
themselves or have used a pseudonym.
Summary table: what we share with whom
Data Collected
Parties Involved
Usage Data, Device Data,
Referral Data, Metadata
Data Controller: Our
Community
(For example: Cookies and IP
address)
Shared with:

SmartyGrants Privacy Policy (Grantmaker)
Use of data
Purpose: Website performance,
availability and traffic analysis.
Google
3
Registration Information
(For example: First Name, Last
Name, Email Address,
Organisation Name)
Customer Data
(For example: Any text,
attachments or other input)
 New Relic
 Preact.io
 Segment.io
Data Controller: Our
Community
Shared with:
 Campaign Monitor
 Preact.io
Data Controller: Applicant
/ Grantmaker
Shared with:



Email contents, Customer
Support Queries and other data
you intentionally share
Australian
Business Register
(ABN numbers
only)
Our Community
Grantmaker (only
with your
approval)
Data Controller: Our
Community
Shared with:
(For example: Emails to
service@smartygrants.com.au)
Purpose: The operation of
SmartyGrants.



Purpose: The operation of
SmartyGrants.
Grants Applicants retain full
control of any response they
have not formally submitted you.
However once a response is
submitted, it falls under your
control.
Any privacy or information
policies you have in place will
also come into play once you
take control of Applicants’
information. SmartyGrants will
direct any Applicants with
questions about Grantmakers’
privacy policies to you for further
information.
Purpose: To provide support for
the use of SmartyGrants and To
maintain appropriate business
records
Google
Highrise
Desk.com
The collection of personal and sensitive information
We will only collect your Personal Information where it is reasonably necessary for us to pursue
one or more of our functions or activities (see below for how and why we use your Personal
Information) or we are required to by law.
Some Personal Information (e.g. race, ethnicity, health information etc.) is sensitive and requires a
higher level of protection under the Privacy Act. Our Community works hard to limit how much
sensitive information is collected, as we don’t have a need for it ourselves; however, in operating
SmartyGrants we are often in a position whereby we are collecting sensitive information on behalf
Grantmakers. We will only collect your sensitive information when we have your consent; and the
collection is reasonably necessary for us to pursue one or more of our functions or activities.
How we deal with unsolicited Personal Information
SmartyGrants Privacy Policy (Grantmaker)
4
If we receive your Personal Information from a third party without having asked you for it, then
within a reasonable time, we will determine whether we could have collected it in the ways outlined
above. If we determine that it could not have been collected in one of those ways and it is lawful
and reasonable to do so, then as soon as practicable we will either destroy the information or
ensure that it is de-identified.
How we maintain the quality of Personal Information
We will take such steps (if any) as are reasonable in the circumstances to ensure that your
Personal Information we collect, use or disclose is accurate, up-to-date, complete and relevant.
How you will know when your Personal Information is collected
Before or at the time of collecting your Personal Information (or as soon as practicable afterwards)
we will place on the screen a big bold notice that ensures you are aware of the following:
a) our identity and contact details;
b) circumstances where we have collected your Personal Information from you without your
knowledge or from someone other than you;
c) circumstances where we are required or authorised by law to collect your Personal
Information;
d) reasons why we have collected your Personal Information;
e) what may happen if we do not collect all or some of your Personal Information;
f)
details of the persons or entities that we usually disclose Personal Information to;
g) how you may access and seek correction of your Personal Information;
h) how you can lodge a complaint with us;
i)
whether we are likely to disclose your Personal Information to overseas recipients and if
so, details of the likely countries that may receive your Personal Information.
Are there exceptions to when you need my consent to collect personal and sensitive
information?
You should be aware that there are some exceptions to the need for your consent to collect
sensitive information. Under the Privacy Act we don’t need your consent to collect your sensitive
information when it is required or authorised by law, these exceptions exist under two broad
categories of situations: Permitted General Situations and Permitted Health Situations. Let us
apologise now for the turgid wording of these situations, as we have taken the wording for the
General Situations from the Privacy Act (to save you going to have to look it up yourself).

Permitted General Situations
o
o
General Situation 1

it is unreasonable or impracticable to obtain your consent to the collection,
use or disclosure; and

Our Community reasonably believes that the collection, use or disclosure is
necessary to lessen or prevent a serious threat to the life, health or safety of
any individual, or to public health or safety.
General Situation 2
SmartyGrants Privacy Policy (Grantmaker)
5
o

Our Community has reason to suspect that unlawful activity, or misconduct
of a serious nature, that relates to the our functions or activities has been, is
being or may be engaged in; and

Our Community reasonably believes that the collection, use or disclosure is
necessary in order for us to take appropriate action in relation to the matter.
General Situation 3

Our Community reasonably believes that the collection, use or disclosure is
reasonably necessary to assist any APP entity, body or person to locate a
person who has been reported as missing; and

the collection, use or disclosure complies with the rules made under
subsection (2) of Section 16a of the Privacy Act.
o
General Situation 4

o
General Situation 5


The collection, use or disclosure is reasonably necessary for the
establishment, exercise or defence of a legal or equitable claim.
The collection, use or disclosure is reasonably necessary for the purposes of
a confidential alternative dispute resolution process.
Permitted Health Situations
o
The details of the Permitted Health Situations are long and complex and best
viewed online. Our Community believe that these situations would rarely if ever
apply to the information we collect from you, so we have not listed them here.
Adoption, use or disclosure of government related identifiers
We will not adopt a government related identifier (such as your medicare or social security number)
as your identifier unless:
a) we are required or authorised by law;
b) it is reasonably necessary to verify your identity for the purposes of our activities or
functions;
c) it is reasonably necessary to fulfil our obligations to an agency or State or Territory
authority;
d) it is required or authorised by or under an Australian law, or a court/tribunal order;
e) some (but not all) permitted general situations exist;
f)
we reasonably believe it is reasonably necessary for enforcement related activities by, or
on behalf of, an enforcement body; and
g) where it is allowed under the regulations.
What data is collected and how
We will only collect your Personal Information by lawful and fair means and our strong preference
is to try and collect your Personal Information directly from you as this is the best way to ensure it’s
accuracy. It also provides you with an opportunity to ask us any questions about our Privacy Policy
SmartyGrants Privacy Policy (Grantmaker)
6
before collection. We may also collect your Personal Information over the telephone, through
correspondence (whether by letter, fax or email), and through forms on our website.
In the process of conducting our businesses, we collect a broad range of Personal Information
about our current and prospective customers, contractors, suppliers, agents, service providers,
other business associates and the people who run the businesses we deal with. This information
can include such things as contact details, financial information and supporting documentation,
identification and transaction history information, banking details and personal references.
We will directly collect your Personal Information unless we have your consent to collect it from a
third party or we are required or authorised by law to collect it or it is unreasonable or impracticable
to do so.
Information we collect directly from you


Registration information:
o
You need to have a registered account to log into a SmartyGrants account before
you use or view any information in SmartyGrants.
o
When you or someone in your organisations register you, for an account we collect
your name, email address, organisation name and password. We use cookies to
store session information in order to enable login-based features.
o
You can block or delete cookies and still use SmartyGrants, although if you do you
will then be asked for your email address and password every time you access
SmartyGrants.
Customer Data:
o

Customer support queries and other data you intentionally share.
o

We safely store data submitted through SmartyGrants – including forms, responses,
reports, grant information.
We may collect your Personal Information or data if you submit it to us in other
contexts; for example, if you email us.
Usage data.
o
We collect usage data about you whenever you interact with our services. This may
include data on which SmartyGrants webpages you visit, what you click on, when
you performed those actions, and so on.
o
Additionally, like most websites today, our web servers keep log files that record
data each time a device accesses those servers. The log files contain data about
the nature of each access, including the IP address from which the contact
originated.
o
Some data will contain identification numbers, which might include the ID number of
your user account or application. This information in and of itself does not identify
you; however, when combined with data we hold within SmartyGrants would allow
us to identify your activity on our website.
Information we collect about you from other sources

Device data.
SmartyGrants Privacy Policy (Grantmaker)
7
o

Referral data.
o

We collect data from the device and application you use to access our services,
such as your IP address and browser type. We may also infer your geographic
location based on your IP address.
If you arrive at an our website from an external source (such as via a link on another
website or an email), we record information about the source that referred you to us.
Metadata.
o
We use the term 'metadata' to describe the context rather than the content of the
data we collect. This might include, for example, the time and date and location of
the creation of the data, the size of the data (for example: word count), and the time
it took to the create the data. Metadata, when taken as a whole, may help us to
improve our services, as well as the way you as Grantmakers provide your services
to those who use SmartyGrants to apply for funding.
How we use your Personal Information
We will only hold your Personal Information for the particular purpose that we collected it (“Primary
Purpose”). We will not use or disclose your Personal Information (not being sensitive information)
for another purpose (“Secondary Purpose”) unless:
a) we first obtain your consent; or
b) you would reasonably expect us to use or disclose it for a Secondary Purpose that is
related to the Primary Purpose or - in the case of sensitive information – directly related to
the Primary Purpose;
c) we are required to by law,
d) a permitted general purpose exists,
e) a permitted health situation exists.
f)
we reasonably believe it is reasonably necessary for one or more enforcement related
activities conducted by, or on behalf of, an enforcement body. In this circumstance we will
make a note of such disclosure.
We collect your Personal Information for the following Primary Purposes:
1. To provide you with our services including:
o
applying for grants via SmartyGrants.
o
support you if you need technical assistance with using SmartyGrants.
o
some Grantmakers may use the ABN look-up functionality, which involves
SmartyGrants passing your ABN to the Australian Business Register in order to
retrieve your organisation's registration details.
2. To manage our services:
We may use your Personal Information, for the following limited purposes:
SmartyGrants Privacy Policy (Grantmaker)
8
o
To monitor and improve our services and features. We perform statistical and
other analysis on information we collect (including usage data, device data, referral
data and metadata) to study and measure user behaviour and trends, to understand
how people use our services, and to monitor, troubleshoot and improve our
services.
o
To assist the enforcement of our Agreement with Grantmakers.
o
To prevent potentially illegal activities.
o
To screen for undesirable or abusive activity. For example: We have an
automated virus scan that checks all file attachments.
3. To create new services, features or content (public data and metadata only):
We may use Usage Data, Device Data, Referral Data and any other Metadata to create
and provide new services, features or content. For example, we may look at statistics like
response rates, question-and-answer word counts, and the average number of questions in
a form in order to publish observations and findings for informational or marketing
purposes. When we do this, neither individual Grantmakers nor applicants will be identified
or identifiable unless we have obtained their permission.
4. To contact you about your service or account:
We may occasionally send you communications of a transactional nature (for example:
service-related announcements, changes to our services or policies, a password reminder
email). You can't opt out of these communications since they are required in order for us to
provide our services to you.
5. To respond to legal requests and prevent harm:
If we receive a subpoena or other legal request, we may need to inspect the data we hold
to determine how to respond.
Who controls the data and how you can access it or
correct it
As the data controller, Our Community is the legal entity with the right to make decisions regarding
the purposes, and the methods, of processing the Personal Information we have collected from
you. This includes the security measures concerning the operation and use of the data.
You can request access to the Personal Information we hold about you, or request that we change
that Personal Information. We will allow access or make the changes unless we consider that there
is a sound reason under any relevant law to withhold the information, or not make the changes.
Such reasons included:
a) we reasonably believe that giving access would pose a serious threat to the life, health or
safety of any individual, or to public health or public safety; or
b) giving access would have an unreasonable impact on the privacy of other individuals; or
SmartyGrants Privacy Policy (Grantmaker)
9
c) your request for access is frivolous or vexatious; or
d) the information relates to existing or anticipated legal proceedings between us and you, and
would not be accessible by the process of discovery in those proceedings; or
e) giving access would reveal our intentions in relation to negotiations with you in such a way
as to prejudice those negotiations; or
f)
giving access would be unlawful; or
g) denying access is required or authorised by or under an Australian law or a court/tribunal
order; or
h) we have reason to suspect that unlawful activity, or misconduct of a serious nature, that
relates to our functions or activities has been, is being or may be engaged in and you giving
access would be likely to prejudice the taking of appropriate action in relation to those
matters; or
i)
giving access would be likely to prejudice one or more enforcement related activities
conducted by, or on behalf of, an enforcement body; or
j)
giving access would reveal evaluative information generated within the entity in connection
with a commercially sensitive decision-making process.
When you make a request to access or change your Personal Information, we will require you to
provide some form of identification (such as a driver's licence or passport) so we can verify that
you are the person to whom the information relates. In some cases we may also request an
administrative fee to cover the cost of access.
How you can make corrections or raise concerns
If you believe that information we hold about you is incorrect or out of date, or if you have concerns
about how we are handling your Personal Information, please contact us and we will try to resolve
those concerns.
If you believe that Our Community has not protected your Personal Information as set out in this
Privacy Policy you may lodge a complaint using the contact details below. We will respond to your
complaint within 30 days of receiving it, and treat seriously any claims of privacy breaches.
Circumstances when we decline to make corrections
In certain circumstances we may decline to correct your Personal Information. When this occurs
we will provide you with a written notice that sets out both the reasons for the refusal, and the
mechanisms available to complain about the refusal.
How we store your data and when we destroy it
We take all reasonable steps to ensure the security of the Personal Information we hold is
protected from unauthorised access, destruction, use, modification or disclosure.
All registration information, as well as Customer Data used as part of SmartyGrants, are passwordprotected to provide additional security. We ask that you do not reveal or share your password with
anyone. Our Community will never ever ask for your password, either verbally or through phone or
email contact (whether initiated by you or us).
SmartyGrants Privacy Policy (Grantmaker)
10
Where we share data with service providers, the data is stored in their systems and is subject to
their security and privacy standards. We have been careful about selecting our service providers
and believe they all take data privacy and security seriously. For your information we have also
provided links to all of our service provider’s privacy policies below.
Destruction
When we no longer need your Personal Information for a permitted purpose and we are not
required to keep it to comply with any laws, we will take such steps as are reasonable in the
circumstances to destroy your Personal Information or to ensure that the information is deidentified.
If you wish to have your Personal Information deleted please let us know and we will take
reasonable steps to delete it (unless we need to keep it for legal, auditing or internal risk
management reasons). If Our Community is not the Data Controller (for example you have
submitted Customer Data to a Grantmaker), you will need to contact the relevant Data
Controller/Grantmaker, as SmartyGrants cannot modify any information it does not control.
Information disclosed to people outside of Australia
While SmartyGrants is an Australian product, our services are used by organisations all around the
world to manage their grant programs. If you, or the Grantmaker you are working with, are located
outside Australia, then data will be transmitted outside of Australia. However, all Customer
Data stored within SmartyGrants is kept on our servers, which are physically located in Sydney,
Australia.
Our Community also uses a number of service providers to handle data that is not
Customer Data. Some of these service providers are located outside Australia. Their details are
listed below, including the jurisdiction in which the data will be processed. By using SmartyGrants
you consent to the following types
Data Disclosed
Service Provider
Usage Data,
Device Data,
Referral Data,
Metadata
►Google
Service provided: Google Analytics is a web analysis service supplied by
Google which uses "cookies" to collect your Navigation Data. This
information is forwarded to, and deposited on, Google's servers in the United
States.
Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
More information: http://www.google.com/intl/en/policies/privacy/
Data processing location: United States of America
►New Relic
Service provided: New Relic is an all-in-one web application performance
tool that lets companies see their site’s performances from the end-user's
perspective through servers and down to the line of application code.
SmartyGrants Privacy Policy (Grantmaker)
11
Address: 101 Second Street, 15th Floor, San Francisco, CA 94105
More information: http://newrelic.com/privacy
Data processing location: Various countries, including the United States of
America.
►Segment.io
Service provided: Segment.io is a simple analytics API that transforms
business analytics data and routes it to other analytics services, such as
Google Analytics, Mixpanel, KissMetrics, Olark, Salesforce, etc.
Address: 101 Second Street, 15th Floor, San Francisco, CA 94105
More information: https://segment.io/privacy
Data processing location: Various countries, including the United States of
America.
►Preact.io
Service provided: Preact.io makes the context of user actions available to
members of the SmartyGrants support team as many problems can be
solved in a single response rather than complex troubleshooting.
Address: 13488 W. Maxella Ave., Suite 530 Marina del Rey, CA 90292
More information: http://www.preact.io/privacy
Data processing location: The United States of America
Registration
Information
►Campaign Monitor Pty Ltd
Service provided: hosted email newsletter service.
Address: Suite 404 3/5 Stapleton Avenue, Sutherland NSW 2232, Sydney,
Australia
More information: http://www.campaignmonitor.com/privacy/
Data processing location: The United States of America.
►Preact.io
See details above.
Emails, customer
support queries
and other data you
intentionally share
►Google
Service provided: hosted email service.
SmartyGrants Privacy Policy (Grantmaker)
12
with us
Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
More information: http://www.google.com/intl/en/policies/privacy/
Data processing location: United States of America
►Highrise
Service provided: Highrise is a "shared contact management" web
application.
Address: 37signals, 30 North Racine Avenue #200, Chicago, IL 60607 USA.
More information: http://37signals.com/privacy
Data processing location: Various countries, including the United States of
America.
►Desk.com
Service provided: Desk.com is an online customer service and support tool
that is powered by Salesforce.com
Address: 501 2nd Street – Suite 350, San Francisco, CA 94107
More information: http://www.desk.com/privacy
Data processing location: Various countries, including the United States of
America.
Details of direct marketing
For the purposes of this policy, “direct marketing” is the promotion and sale of goods and services
directly to you including through emails, SMS, phone calls and the post.
No direct marketing
We will not use or disclose your Personal Information for the purposes of direct marketing material
if you have previously told us not to.
If at any time in the future you do not want us (or one of our service providers) to send you direct
marketing material or you wish to cancel a previous consent, then you can simply inform our
Privacy Officer. We will effect the change in a reasonable time and without charge.
Adoption of direct marketing laws
The Privacy Act tightly controls how we use your Personal Information for direct marketing. We will
follow those laws to ensure you only receive direct marketing in circumstances where you are
expecting to. We will always provide a simple means for you to “opt-out” from receiving it which
typically involves a “tick-a-box” on the collection form or through a pop-up on your screen when
you provide Personal Information online.
Sensitive information
SmartyGrants Privacy Policy (Grantmaker)
13
We will not use your sensitive information for the purposes of direct marketing unless you have
given us permission in writing.
Circumstances when we will send you direct marketing material
We will not use your Personal Information for the purpose of direct marketing unless we collected
the information from you and you would reasonably expect that we would use or disclose the
information for that purpose.
How you can contact us

Calling (+61) 03 9320 6800

Emailing service@ourcommunity.com.au

Sending a letter to us at:
Attn: Privacy Officer
Our Community (SmartyGrants)
PO Box 354
North Melbourne VIC 3051
Australia
What you are agreeing to by using SmartyGrants

You consent to the collection, use, disclosure and processing of your personal data in
the manner described in this Privacy Policy.

You consent to us sharing your personal data with relevant persons working for service
providers who assist us to provide our services.

If you have enabled cookies on your web browser, you consent to our use of cookies as
described in this Privacy Policy.

You consent to our use of metadata for the purposes described in this Privacy Policy.
SmartyGrants Privacy Policy (Grantmaker)
14
Related documents
New Patient Information Form
New Patient Information Form
“Contrasting the early 19th versus early 21st Centuries”
“Contrasting the early 19th versus early 21st Centuries”
Central Missouri Cardiovascular Associates P
Central Missouri Cardiovascular Associates P
Privacy Confidentiality Minor
Privacy Confidentiality Minor
NORTH SHORE CARDIOVASCULAR ASSOCIATES
NORTH SHORE CARDIOVASCULAR ASSOCIATES
New Patient Form - Cowes Medical Centre
New Patient Form - Cowes Medical Centre
Download
advertisement