Privacy Statement

1. Our Commitment to Privacy

Reaching Hearts Incorporated (referred to as "we," "us," or "our") is committed to protecting the privacy of our donors, supporters, volunteers, and other stakeholders (collectively, "you").

We are bound by the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth), which govern how we collect, use, disclose, store, secure, and dispose of your Personal Information.

2. What Personal Information We Collect

Personal Information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. The types of Personal Information we may collect include:

  • Identity Data: Name, date of birth, gender, and title.

  • Contact Data: Postal address, email address, telephone number(s).

  • Donation Data: Details of donations made, payment method, payment card details (or bank account information, which is securely encrypted and managed), and donation frequency/history.

  • Communication Data: Records of your communication with us (e.g., emails, letters, meeting notes).

  • Engagement Data: Details of events attended, campaigns supported, and volunteer activities.

  • Demographic Data: General location, occupation, or interests (if voluntarily provided).

3. How We Collect Your Data

We collect Personal Information directly from you when it is reasonably necessary for us to carry out our functions and activities. This may occur when you:

  • Make a donation (online, via phone, mail, or in-person).

  • Sign up for our newsletters, email updates, or membership.

  • Register to attend an event or participate in a campaign.

  • Apply to become a volunteer.

  • Contact us with an enquiry or feedback.

In some cases, we may collect Personal Information about you from publicly available sources (e.g., public registers, online directories, media publications) or from third-party service providers (e.g., fundraising platforms, data aggregators) where you have consented to such sharing. We will only do this where it is reasonable and practical to do so, and in compliance with the APPs.

4. Why We Collect and How We Use Your Data (APP 6)

We primarily collect and use your Personal Information to carry out our charitable mission and for purposes directly related to our functions, including:

Purpose Category

Specific Uses

Fundraising & Processing

Processing your donations, issuing receipts, and confirming payment details.

Communication & Engagement

Sending you information about our programs, appeals, events, and impact (direct marketing).

Administration

Maintaining and updating our supporter records, complying with our legal and financial obligations (e.g., tax, audit).

Research & Analysis

Improving our fundraising strategies, understanding donor motivations, and tailoring our communications.

Volunteering

Managing volunteer activities and ensuring the safety and effectiveness of our programs.

Direct Marketing (APP 7): We may use your Personal Information to send you direct marketing communications. You have the right to opt-out of receiving these communications at any time by using the "unsubscribe" function in our emails or by contacting us using the details below.

5. Disclosure of Your Data (APP 8)

We will not disclose your Personal Information to any third party for commercial purposes. We may disclose your data to the following third parties, but only when necessary and in compliance with the APPs:

  • Service Providers: Third parties who provide services on our behalf, such as payment processors, mailing houses, IT support, cloud storage providers, and data analysts. These providers are strictly prohibited from using your data for any purpose other than those directed by us.

  • Regulatory Bodies: Government or regulatory authorities (e.g., the Australian Taxation Office, ACNC) where required or authorised by Australian law.

  • With Consent: Where you have explicitly consented to the disclosure.

Overseas Disclosure

In some instances, we may use cloud-based servers or third-party service providers that store or process data outside of Australia (e.g., for email management or customer relationship management (CRM) software).

When this occurs, we take reasonable steps to ensure that the overseas recipient handles your Personal Information in accordance with the APPs or is subject to a law or binding scheme that has the effect of protecting the information in a way that is substantially similar to the APPs.

6. How We Store and Secure Your Data (APP 11)

We are committed to securing your Personal Information and protecting it from misuse, interference, loss, unauthorised access, modification, or disclosure.

  • Storage: Your Personal Information is held in a combination of secure electronic databases (CRM systems) and, rarely, secure physical files.

  • Security Measures: We implement various security measures, including:

    • Password protection and multi-factor authentication for our systems.

    • Restricting physical and electronic access to our premises and data storage.

    • Encryption of sensitive information, particularly donation payment details.

    • Staff training on privacy and security protocols.

  • Disposal: We retain Personal Information only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Once no longer needed, we will take reasonable steps to destroy or permanently de-identify the information.

7. Access and Correction of Your Data (APPs 12 & 13)

You have the right to:

  • Access: Request access to the Personal Information we hold about you. We will provide you with access unless a legal exception applies, and we may charge a reasonable fee for the administrative cost of providing the data.

  • Correction: Request that we correct any Personal Information that you believe is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To make a request for access or correction, please contact our Privacy Officer using the details below.

8. Making a Privacy Complaint

If you believe that we have breached the APPs, you may lodge a formal complaint with our Privacy Officer.

Complaint Process:

  1. Contact: Please detail your complaint in writing, stating how you believe your privacy has been breached, and send it to the Privacy Officer.

  2. Acknowledgement: We will acknowledge receipt of your complaint within [X business days, e.g., 5 business days].

  3. Investigation: We will investigate your complaint and aim to provide a response within [Y business days, e.g., 30 days].

If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC):

9. Contact Us

If you have any questions about this Privacy Statement or our data handling practices, please contact our Privacy Officer:

Details

Privacy Officer:

[Name or Role Title, e.g., Operations Manager]

Email:

[Privacy Email Address]

Address:

[Organisation Street Address]

Phone:

[Phone Number]

This Privacy Statement was last updated on [Date].