This document sets out the policy of the AIOH Foundation Ltd (AIOH Foundation) for the collection, management and disposal of personal or sensitive information and data.
The operation and management of the AIOH Foundation brings with it important legal and ethical responsibilities for managing organisational and personal information and data.
Beyond our legal requirements, we also recognise that there are community expectations about the way we manage the information and data of our donors, supporters, staff and volunteers, as well as the people/organisations we help.
The AIOH Foundation is committed to protecting the privacy and confidentiality of the people and organisations we support as well as our donors, supporters, staff and volunteers.
The AIOH Foundation recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand and made accessible to them on the other.
The AIOH Foundation will:
- Collect only information which we require for our primary function;
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
- Store personal information securely, protecting it from unauthorised access;
- Provide stakeholders with access to their own information, and the right to seek its correction;
- Never share or sell personal information and data;
Types of Information Collected Stored and Used
The AIOH Foundation may hold sensitive information and data including personal contact and financial details, identification information, organisation and or employment information, survey responses, enquiry/complaint details, other submissions etc. We may also hold contractual and other financial information.
Storage and Protection of Information and Data
The AIOH Foundation maintains its records in digital and limited hard copy format, hosted on a secure drive on the Australian Institute of Occupational Hygienists, Inc. (AIOH) server, or in the office of the AIOH. The AIOH server is located in Melbourne. The AIOH has security safeguards and measures in place such as server access restrictions, network protection and premises security. Access to AIOH Foundation records is limited to those persons who manage our business including accounts and bookkeeping, banking and auditing.
Personal Information and Data Usage
The AIOH Foundation collect, holds, uses and discloses personal or sensitive information to provide, administer, promote and develop our programs, services and fundraising activities; process payments and refunds; verify identity and personal information; maintain and update our records; manage our relationships; meet reporting obligations to government agencies; train and manage our staff or volunteers; protect our lawful interests; and deal with enquiries and disputes. Without this information we may not be able to operate effectively. For example, we may not be able to issue receipts or communicate with donors or supporters.
We may also provide communications and targeted advertising on an ongoing basis, unless persons opt out or we are subject to legal restrictions. For example, we may distribute news of our activities by email.
Disclosure of Information and Data
We take care to protect personal or sensitive information from inappropriate and unauthorised disclosure. The circumstances in which we may disclose personal information to a third party includes where the AIOH Foundation is required or authorised by an Australian law or a court/tribunal order; or where we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body.
We may exchange personal or sensitive information with a representative and or the AIOH, to assist us with archival, auditing, accounting, legal, business consulting, banking, payment, delivery, data processing, data analysis, document management, research, or website and technology services. These third parties are also subject to privacy and confidentiality obligations.
Accessing Personal Information and Data
Individuals may request access to their personal information held by the AIOH Foundation. We undertake to process requests within a reasonable time and in accordance with legal requirements. In some cases, such as where it would be unlawful to do so, or where providing access would have an unreasonable impact upon the privacy of other individuals, we may restrict access to all or part of the information requested. In the event that access to personal information is restricted or denied, an explanation will be provided by the AIOH Foundation.
An individual may request their personal information be changed, corrected or deleted. The AIOH Foundation will make all changes where appropriate. If we disagree with a requested change, we will on request keep a record of the requested changes with the relevant personal information.
Complaints about Privacy
Complaints about our privacy practices may be made by emailing the Chair at firstname.lastname@example.org. We take complaints very seriously and will respond on receipt of a written notice of complaint.
Any concerns, questions or suggestions in relation to this policy or our handling of personal or sensitive information, should be made by contacting our Chair at email@example.com, or any other member of the AIOH Foundation Board.
This policy shall be reviewed at least every three years by the Board of Directors.