1. Purpose
Many Rivers Microfinance Limited ABN 58 128 486 788 (Many Rivers, we, us) is required by law to comply with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (Schedule 1, Privacy Act) (APPs), and any other applicable privacy laws when handling personal information. We take our privacy obligations seriously and this privacy policy outlines our privacy practices, and explains how we handle personal information, including in relation to our website located at manyrivers.org.au (Many Rivers Website).
In this privacy policy, personal information has the meaning given to it in the Privacy Act, and includes information or an opinion, whether true or not about an identified individual or an individual who is reasonably identifiable.
By providing your personal information to us, you consent to us collecting, holding, using and disclosing your personal information as described in this privacy policy (as amended from time to time).
You are not required to provide personal information to us. However, if you do not provide us with all the personal information we request, the services we provide to you may be affected.
2. Personal information we collect and hold
2.1 Kinds of personal information
The kinds of personal information we collect depends on the nature of our interactions and dealings with you. For example, we may collect personal information about you if you are a Many Rivers’ client or potential client, donor, current or former employee, contractor, volunteer, or someone who comes into contact with Many Rivers.
The types of personal information we may collect and hold generally include:
Clients:
- your name, date of birth, gender, driver licence details, contact details (including residential, postal and/or business addresses, email addresses, and phone numbers), bank details, Centrelink payment type and status and other information which assists us in conducting our business, providing our newsletter, services and meeting our legal obligations;
- your image and other personal information (in photographs, films, videos, electronic presentations and/or sound recordings which may also be collected via a consent form);
- other personal information relevant to providing our services to you such as languages you speak, next of kin details, family and living circumstances, education qualifications, employment history, personal/household income, assets, savings frequency, liabilities (including loans and recent access to loans), living expenses (including rent/mortgage repayments), ability to access finance, access to essential services (including phone, internet and a motor vehicle), service feedback and complaint details; and
- financial information related to Many Rivers business loan applications including statements of financial position, bank statements, credit reports and personal/business bank details.
Donors:
- your name and contact details (including residential, postal and/or business addresses, email addresses, and phone numbers); and
- your payment details and financial contribution(s) made to Many Rivers.
Employees/contractors/volunteers:
- your name, date of birth, gender, contact details (including residential, postal and/or business addresses, email addresses, and phone numbers), emergency contact details, bank and superannuation account details and tax file number;
- your employment history, education and qualifications, references and feedback; and
- other information related to your role at Many Rivers.
In some cases, we may also collect ‘sensitive information’ about you including gender, age, income, racial or ethnic origin, health, disability, benefits and services you receive from Centrelink or other government bodies, and other information required as part of our funding obligations and/or that are relevant for the proper provision of the services we provide to you.
Many Rivers complies with applicable health records laws when collecting and handling health information, including the Health Records and Information Privacy Act 2002 (NSW).
To the extent that we collect government related identifiers (GFIs) (as defined in the Privacy Act), we will only use or disclose GFIs in accordance with the APPs.
2.2 How we collect personal information
Where possible, personal information is collected directly from you at the time of your interaction with us. In some cases, personal information is also collected from third parties, including in circumstances where you are transferred or referred to us.
We will only collect your sensitive information with your consent, where collection is required by law, or in other special specified circumstances.
We may also collect non-personal information using “cookies” or other similar tracking technologies that help us measure website traffic on the Many Rivers Website. Cookies are small files that store information on your computer, mobile phone or other device. They enable us to recognise your IP address across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but the Many Rivers Website may not work properly if you do so.
3. Purposes for which we collect, use and disclose personal information
We may collect, use and disclose your personal information for the purpose of:
Clients:
- providing client services which may include, general business coaching support, access to finance and access to other products to support you to start and sustain your business;
- sharing or transferring personal information within Many Rivers to provide, expand or improve the services we provide to you or assist with more efficient service delivery; or
- handling client enquiries, complaints and feedback about the quality of the services that we provide.
Donors:
- fundraising, promotional and charitable activities and functions.
Employees/contractors/volunteers:
- employing or engaging you as an employee, contractor or volunteer.
We may also generally collect, use and disclose your personal information for the general management and conduct of Many Rivers, including:
- facilitating proper governance processes such as risk management, incident management, internal audit and external audits;
- complying with funding requirements and requirements of government bodies which regulate and fund the services we provide, legal obligations and applicable laws;
- organising and holding events and conferences;
- understanding, through aggregated information, trends and patterns used for research and advocacy; and
- assessing the services and outcomes delivered by Many Rivers.
We will not use nor disclose your personal information for any purpose other than the purpose for which it was collected (or a related purpose that would be reasonably expected by you), unless you have consented to that other purpose, or we are permitted to do so by law.
4. Disclosure to third parties
We may disclose your personal information to third parties:
- for the purposes for which it was collected:
- where required by government agencies or funding agreements;
- when transferring you to another service provider;
- for assistance with the delivery or provision of our services;
- where you have provided your consent, including via a consent form to share your ABN with the Department of Social Services (DSS), share your stories, or for purposes related to electronic communication and electronic signature;
- where we have a reasonable concern regarding your safety or wellbeing;
- where required or authorised by law; or
- if you ask us to do so.
We may disclose some of your personal information to third parties providing electronic storage services, some of which may be located overseas.
Where we engage third parties to aggregate, collate and/or analyse information for the purposes of research and advocacy, we will only provide them with de-identified information. DSS may also link some of your de-identified information.
We seek to ensure through our contracts with third parties, that they comply with the Privacy Act when handling your personal information.
5. Marketing and newsletter
Many Rivers generally does not send marketing nor promotional communications, however we do send a newsletter to subscribers. If you have previously opted-in to receiving our newsletter or other communication, you may unsubscribe via the link provided or contact us via email at [email protected] and we will cease the relevant communication.
6. How you can access and correct your personal information
You are entitled to request access to the personal information held by us about you. This is generally provided upon your request and is subject to completion of our verification and risk processes, certain legal exceptions, and to access restrictions imposed or permitted by law. If a legal exception or restriction applies and we decide not to provide you with access to any personal information we hold about you, we will advise you of the reasons for our decision. Access requests should be made to the same point of contact to whom you provided your personal information, or you can contact us at [email protected].
Where we are satisfied that any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading (having regard to the purpose for which it is held), we will take such steps (if any) as are reasonable in the circumstances to correct that personal information, subject to certain legal exceptions. Correction requests should be made to the same point of contact to whom you provided your personal information, or you can contact us at [email protected].
If we do not agree that the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you may ask that we attach a statement to this effect to our record.
7. How we manage, protect and store your personal information
Personal information may be stored by us in hard copy form or electronic form. We will take reasonable steps to protect personal information held from misuse, loss, unauthorised access, modification or disclosure by ensuring the use of physical security of hard copy records and restricted access to electronic records.
We will take reasonable steps to ensure your personal information is retained securely and in accordance with applicable laws or the requirements of any government or other funding body’s record-keeping requirements. Where we no longer need your personal information, we will take reasonable steps to destroy or de-identify it.
8. What to do if you have a privacy enquiry or complaint
If you have an enquiry or a complaint about our handling of your personal information, please direct it to the point of contact to whom you provided your personal information, or you can contact us at [email protected]. We will outline options regarding how your enquiry or complaint may be resolved, and we aim to respond and resolve it in a timely and appropriate manner, treating your enquiry or complaint confidentially.
If we are unable to satisfactorily resolve your concern or complaint, you can enquire or lodge a complaint with the Office of the Australian Information Commissioner (OAIC). You can contact the OAIC hotline on 1300 363 992. The OAIC has the power to investigate the matter and make a determination.
9. Contact details
You can contact us at:
Post: Many Rivers Microfinance Limited Privacy Officer Level 2, 233 Castlereagh Street, Sydney NSW 2000; or
Phone: 1300 626 974; or
Email: [email protected]
