PRIVACY POLICY
INTRODUCTION
Returned & Services League of Australia (Queensland Branch) ABN 79 902 601 713 (we, us and our or RSL Queensland) was founded in 1916 by veterans, for veterans. Today, we continue to provide support to veterans and their families, promote wider recognition of our service people’s legacy, and offer a sense of belonging and purpose to all in the veteran community, with our main source of funding being the charitable Dream Home Art Union.
We are sensitive to privacy issues and take seriously the ongoing trust placed in us by our clients and stakeholders. That is why we are committed to compliance with the Privacy Act 1988 (Cth) (Privacy Act), which incorporates the Australian Privacy Principles (APPs).
We need to collect, use and disclose personal information in order to perform our functions and activities - from the provision of care and support to veterans and their families, through to the management of Dream Home Art Union.
We are firmly committed to protecting the privacy and confidentiality of your personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.
You can find more information about the APPs and privacy rights and responsibilities at the website of the Office of the Australian Information Commissioner (www.oaic.gov.au).
About This Privacy Policy
This Privacy Policy explains:
- how we collect, use, and disclose information about our clients, customers, suppliers (and their employees) and people who apply for employment with us
- how to contact us if you have any questions or concerns about the management of your personal information
- how you can access your personal information
In this policy we use the terms “personal information” and “sensitive information” – these terms have the meaning given to them in the Privacy Act.
In general terms,” personal information” is information or an opinion that can be used to personally identify you.
“Sensitive information” is a type of personal information that requires higher protection and includes information or an opinion about an individual’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health information and genetic information.
RSL Queensland’s handling of employee records in relation to current and former employment relationships is exempt from the APPs in certain situations, in which case this privacy policy will not apply.
What Kind of Personal Information We Collect
We only collect your personal information if we need it to provide you with our products or services or to comply with the law. The kind of personal information that we need to collect from you will depend on how and why you are connecting with us:
General
- your contact details, including your full name, street address, email address and telephone number, as well as your date of birth and gender, no matter which type of product or service you are requesting from us
- if you are accessing our services online, we might also collect your IP address, browser type, domain names, browsing preferences, access times and the addresses of referring websites
Veteran service delivery clients
- information about your cultural background
- your occupation
- your service record/history, including your branch of service, enlistment details, discharge details (if relevant) and service number
- information concerning your dealings with the Department of Veterans Affairs, including your DVA number
- health information relevant to your DVA claim or the services we will provide to you
- your payment information, such as your bank account details and, where relevant, details of your superannuation fund
- proof of identity information and documentation including driver's license, passport, or birth certificate
- proof of income information and documentation, such as bank account statements and payslips
- inferred information and characteristics because of undertaking data analysis
- information provided in surveys, feedback, complaints, or commentary
- images from CCTV used in and around our offices and RSL Queensland Veteran and Family Wellbeing Centres
RSL Queensland Veteran and Family Wellbeing Centre clients
- limited information about your service record/history, including your branch of service and status (e.g., serving, ex-serving, transitioning)
- inferred information and characteristics as a result of undertaking data analysis
- information provided in surveys, feedback, complaints, or commentary
- images from CCTV used in and around the centres
RSL Queensland members and prospective members
- details of your country of birth
- your service history, including your branch of service, enlistment details, discharge details (if relevant), service number and theatres of service (if relevant)
- information provided in surveys, feedback, complaints, or commentary (including in any State Tribunal matters)
Dream Home Art Union customers
- if you win a draw - identification details such as driver’s licence number, to verify your identity and any information required to hand over the prize (such as bank account details, if the winner of a cash draw)
Prospective employees
- proof of identity information and documentation including driver's license, passport, or birth certificate
- employment history
- educational qualifications
- referee and reference details
- police check, working with children clearance
- other similar information
Sensitive Information
In limited circumstances we may need to collect sensitive information about you, such as:
- health information relevant to your DVA claim or the services we will provide to you
- information about your cultural background, such as whether you identify as Aboriginal or Torres Strait Islander
If we collect your sensitive information, we will only do so with your consent (unless otherwise required by law).
Information you provide to us about other people
If you give us personal information about other people (such as your emergency contact or, if you are the spouse or dependant of a veteran, the veteran’s details), we will assume that they have agreed that you can do this.
How we collect your personal information?
The main ways we collect personal information are:
Directly
- when you contact or visit us (or we visit you), including visiting a centre, contacting us directly or through a call centre, making an inquiry, completing our online forms, making a complaint or supplying feedback, attending an event
- if you access our websites, including using cookies, which may track what you view on our websites and other websites/apps that you visit, and can also help the website to recall your specific information on later visits. Cookies may also come from third party services for the purpose of collecting data to enable website performance measurement and personalised advertising. For more information on how we use cookies, please click here.
- if you interact with us via social media platforms
- if you subscribe to any of our publications (including any mailing lists) or subscriptions
- if you take part in any competition or promotion that we conduct
- through our security cameras used in our offices and centres
- if you submit an employment application to us
Indirectly
- from any person authorised to act on your behalf or authorised to provide your personal information to us
- from any person buying Dream Home Art Union entries on your behalf
From third parties
- from publicly available sources, including from Australian Government agencies, internet search platforms and social media platforms such as Facebook
- from third party providers who work with us, such as call centres for the Dream Home Art Union
- from Mates4Mates Limited (our related company)
If you do not consent to provide or share your personal information, you will not be able to access our services.
How we use your personal information
We use your personal information in connection with carrying on our business. The way we use your personal information will depend on how and why you are connecting with us:
General
- confirm your identity
- in the case of our suppliers or service providers, to administer contracts which we may have with you
- accept donations from you
- supply goods or services to you
- administer your involvement as a volunteer with us
- respond to feedback from you
- survey and focus groups
- for our own internal administrative purposes, such as to develop and/or test our systems
- aid in ensuring security, health and safety and client and employee protection in our offices and centres
- aid in administering our policies, or to investigate complaints
- recruit and assess our employees or engage contractors
- maintain and update our records
- comply with all laws
Veteran service delivery clients
- verify eligibility requirements
- find services that may be beneficial to you
- provide you with access to services
- manage your involvement in the services
- assess service outcomes
- communicate with you concerning our services and activities
- prepare, submit and process DVA claims on your behalf
RSL Queensland Veteran and Family Wellbeing Centre/Network clients
- verify eligibility requirements
- facilitate connection with other ex service organisations within the centre/network
- manage and co-ordinate your attendance at the centre
- conduct a wellbeing check
RSL Queensland members
- verify eligibility requirements
- supply membership services to you
- liaise with the Sub Branch that you are involved with
- liaise with the District Branch that is associated with your Sub Branch
- communicate with you concerning our services and activities
- manage disciplinary/State Tribunal matters
Dream Home Art Union customers
- process your entries into draws
- contact customers and winners in relation to draw entries
- issue prizes
- promote Dream Home Art Union entries and VIP club membership
- assist in marketing and product development
We may also use your personal information for purposes related to any of the above, or which are disclosed to you at the time the relevant personal information is collected.
Who we share your information with
We share your information for the purposes set out above, where you would reasonably expect us to disclose your information, and/or to comply with the law. This may include for the purposes of the administration of the service or product you have requested, mailing services, distribution services, IT services, data analysis, research, advertising, or consultancy services.
The way we disclose your personal information will depend on how and why you are connecting with us: For example, we may disclose your personal information to:
General
- related entities, contractors, suppliers, distributors, and agents used by us in the ordinary course of our business
- law enforcement agencies, government agencies or other third parties, where required under or authorised by law
- other persons or organisations notified to you at the time the relevant personal information is collected
- our professional advisers to enable them to provide services to us
- any other organisations where you have provided your consent
Veteran service delivery clients
- any state branch of the Returned & Services League of Australia Ltd which is relevant to you, whether due to where you live or where you wish to engage in the services
- Mates4Mates
- Government Departments including Department of Veterans’ Affairs, Defence Community Organisation and Open Arms
In addition, your personal information may be disclosed as follows, depending on the service/s we are providing to you:
RSL Employment program
- Workplace rehabilitation consultants and organisations engaged by RSL Queensland
- Any government organisations RSL Queensland shares information with in connection with this Service
- Prospective employers
- Any other organisations you provide express consent through additional Service documentation required by this Service
RSL Education and Skills Program
- Workplace rehabilitation consultants and organisations engaged by RSL Queensland
- Any government organisations RSL Queensland shares information with in connection with this Service
- Relevant educational institutions and training institutions
- Prospective employers
- Any other organisations you provide express consent through additional Service documentation required by this Service
RSL Queensland Scholarships program – to relevant educational institutions
- Veteran Homelessness Program – to The Salvation Army
- RSL Advocacy – to Commonwealth Superannuation Corporation
- RSL Queensland Veteran and Family Wellbeing Centre/Network clients
Mates4Mates
- other organisation/s who you engage with at the Centre and/or Network
RSL Queensland members
- your nominated Sub Branch and the relevant District Branch
Dream Home Art Union customers
- suppliers of Dream Home Art Union prizes, including motor cars, travel and gold bullion
From time to time, we may provide aggregated and de-identified information to other business partners for various purposes, including for research purposes.
In doing so, we will take all steps as are reasonable to ensure that these parties respect and uphold the provisions of this Privacy Policy in relation to your personal information.
How we disclose personal information overseas
Our preference is to not disclose personal information outside Australia. However, this does occur in limited circumstances, such as service providers and information technology and cloud services providers located in countries other than Australia, including in the United States of America and Ireland.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
How we engage in direct marketing
We may send you direct marketing communications about our products, services, or events that we consider may be of interest to you or engage in any other direct marketing activity, if you have requested or consented to receive these communications.
We may use your personal information for the purpose of providing you with direct marketing communications and/or other information, if it is within your reasonable expectations that we would send you such information given the nature of earlier communications with you and/or the products or services that you have requested from us.
You may at any time opt out of receiving any communications from us (other than as needed for the operation of our activities, e.g., for the payment of services) by using the “unsubscribe” facility included in an email you receive from us or by contacting us using the details set out at the bottom of this document.
Can I remain anonymous or give a pseudonym?
You have the option of not identifying yourself, or of using a pseudonym, when dealing with us provided it is lawful and practical to do so. However, there are a number of circumstances where this is not possible, including when:
- purchasing Dream Home Art Union tickets (as prizes can only be handed over to the ticket holder, and if you won a prize we would need to verify your identity)
- engaging in veteran services (as we need to verify eligibility requirements)
- signing up as a member of RSL Queensland (as we need to verify eligibility requirements)
- you are a prospective employee
How we hold, secure and store your personal information?
We may hold your information in either electronic or hard copy form. We will take reasonable steps to ensure your personal information is destroyed or de-identified once we are no longer legally required to hold your personal information and it is no longer needed.
We take reasonable steps to protect the security of your personal information that we hold, including by:
- having security measures in place to protect the personal information we hold from misuse and loss and from unauthorised access, modification, or disclosure
- taking measures to restrict access to only personnel who need that personal information to effectively supply services to you
- when personal information (such as payment information) is transmitted to other websites, it is protected by encryption, such as the Secure Socket Layer (SSL) protocol
- having a Data Breach Response Plan and following the requirements of the Data Breach Notification scheme under the Privacy Act
- training our staff on how to keep your information safe and secure
Accessing, updating and correcting your personal information
You can ask for a copy of your personal information, or ask us to update or correct it, by contacting the Privacy Officer (whose details are listed in section 13). We will respond to these requests in a timely manner (usually with 30 days).
Before we respond to your request, we will need to confirm your identity, and we will ask you to complete an access request form. You do not have to supply a reason for requesting access. If you believe that the personal information we hold about you is incorrect (i.e. it is inaccurate, out-of-date, incomplete, irrelevant or misleading) you can ask us to correct it.
If we are satisfied the information is incorrect, we will take reasonable steps to correct it and to inform any other organisation to which we have provided the information of the correction.
If we refuse your request for correction and you ask us to do so, we will take reasonable steps to include a statement with, or associated with, the personal information that says you believe our record about you is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If we refuse your requests to access, correct or associate a statement with your personal information, we will inform you of our reasons for the refusal and relevant complaint mechanisms.
Your payment information
Dream Home Art Union’s systems and providers are compliant with the Payment Card Industry Data Security Standard (PCI DSS), and undergo rigorous audits and testing to ensure that confidentiality and the integrity of our systems and information are upheld.
Dream Home Art Union regularly performs security, vulnerability and malware scanning that is conducted by an external ASV (Accredited Scanning Vendor) to ensure our site remains free of vulnerabilities or malicious software.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information supplied is encrypted via Secure Socket Layer (SSL) and Transport Layer Security (TLS) technology.
We implement a variety of security measures and encryption methods, when a user places an order or enters, submits, or accesses their information, to maintain the safety of your personal information.
All transactions are processed through a secure gateway provider and your credit card information is not stored on our systems. Financial information, such as bank account details that are provided in association with a Direct Debit arrangement are stored in a secure and/or encrypted format in connection with a transaction.
If you utilise PayPal for your purchase, your PayPal account details will be collected and stored by PayPal for future transactions in connection with their Privacy Policy which can be found here.
GDPR - Processing EU personal data
This section entitled “GDPR – Processing EU Personal Data” only applies if you access our products or services in the EU and your personal data (as defined in this section) is processed and/or monitored as a result.
General - When we process your personal information, we will comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), any local implementing laws and any successor legislation to the GDPR and the local implementing laws. We are the data controller (as defined in GDPR) of the data you pass to us pursuant to this policy.
Where we refer to “personal information” throughout this policy, it has the meaning set out in the Privacy Act (as explained at the beginning of this policy) and also the meaning given to “personal data” in the GDPR. “Processing” has the meaning set out in GDPR and, in practice, means doing anything with your personal information, including storing it.
Retention – if you are a regular customer or subscriber of the Dream Home Art Union, we will retain your personal information for no longer than 8 years from the date of our last interaction with you. This enables us to comply with certain legal obligations and financial reporting requirements. We may choose to retain your personal information for a shorter period of 25 months from the date of our last interaction with you if you purchase only occasional tickets from us or where we have no interaction with you during a 12-month period
If we receive a “return to sender”, bounce-back email or similar message when we contact you, we will delete the relevant personal information from our system. We will also delete or update your personal information if you ask us to do so in accordance with the requirements of GDPR.
Grounds for processing - we collect most of your personal information on the grounds of our legitimate interests or fulfillment of a contract, for example, providing you with the Dream Home Art Union tickets you have purchased and liaising with you in respect of those tickets. If we deem it appropriate, we may also rely on legitimate interests to send you marketing communications, including where you have opened a customer account for the Dream Home Art Union or purchased tickets for the RSL Art Union. If we are unable to rely on legitimate interests or another ground to process your personal information, we will seek consent from you in accordance with the requirements of GDPR.
If we have obtained consent from you to process your data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact information set out below. Please bear in mind that if you withdraw your consent it may affect our ability to carry out tasks for your benefit. Withdrawal of your consent will not affect any processing we have carried out in respect of your personal information prior to you withdrawing consent.
In the section entitled “Who we share your information with”, we have explained that we may need to disclose your personal information to certain third parties. If any of those third parties are located outside of the European Economic Area (EEA) we will ensure that there are appropriate safeguards in place when the data is transferred in accordance with the requirements of GDPR.
Automated decision making – if you purchase an Dream Home Art Union ticket, your success or otherwise will be determined as a result of a process of automated decision making. We carry out this example of automated decision making on the grounds that it is necessary to fulfil the contract we have entered into with you.
Your rights – there are a number of rights available to you under GDPR. These include:
- the right to access your personal information and ask us to provide certain information about the processing we carry out in respect of your personal information;
- the right to ask us to rectify any personal information we process that you believe is incorrect or incomplete;
- the right to ask us to erase your personal information; the right to ask us to restrict the processing we carry out in respect of your personal information, or to object to the processing we carry out; and
- the right to have your data provided to another data controller in a structured, commonly used and machine-readable format (data portability).
Please note that there are some exceptions and caveats to the rights listed above.
Complaints – in addition to your rights set out above in the section entitled “Complaints and Concerns”, you are entitled to complain to the relevant supervisory authority in your jurisdiction. A list of the supervisory authorities throughout the European Union is available here.
Changes to this policy
It may be necessary for us to update our Privacy Policy from time to time. An amended version will be posted on our websites at www.rslqld.org and www.rslartunion.com.au. The current version of this policy was last updated in 07 August 2024.
How to contact us or make a complaint
If you have any questions or comments about this policy or if you have any complaint about the treatment of your privacy by us, please contact us in writing using the following details:
The Privacy Officer
Returned & Services League of Australia (Queensland Branch)
283 St Pauls Terrace,
Fortitude Valley QLD 4006
Ph: (07) 3634 9444
privacy@rslqld.org
We treat complaints relating to privacy very seriously. If you submit a concern or complaint, we will endeavour to deal with it comprehensively and reach an outcome where all parties are satisfied.
However, if you are not satisfied with our response to your complaint, or if you would like further information about privacy in Australia, then you can contact the Office of the Australian Information Commissioner at oaic.gov.au.