Returned & Services League of Australia (Queensland Branch) ABN 79 902 601 713 (we, us and our or RSL Queensland) respects and upholds the privacy rights of individuals.
We are sensitive to privacy issues and take seriously the ongoing trust placed in us. We have committed to compliance with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs), which detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
Personal information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.
Sensitive information, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
COLLECTION OF YOUR PERSONAL INFORMATION
We only collect personal information that is necessary for what we do such as:
1. providing membership services;
2. veteran research and rehabilitation services;
3. pension, advocacy and welfare services;
4. accommodation services;
5. financial support services; and
6. the operation of the RSL Art Union.
The types of personal information we may collect depends on the purpose for which we need the information and may include the following:
• your contact details, including your full name, street address, billing address, postal address, email address; and telephone number;
• your date of birth and age;
• your occupation;
• your service record;
• your information concerning your dealings with the Department of Veterans Affairs;
• your payment information, including details of your superannuation fund;
• your RSL membership number;
• your IP address, browser type, domain names, browsing preferences, access times and the addresses of referring websites;
• proof of identity information and documentation including driver's license, passport or birth certificate information;
• proof of income information and documentation;
• next of kin and emergency contact information.
We may also collect sensitive information from you when we engage with you as part of providing our veteran rehabilitation and welfare support services including:
• mental health support;
• emergency financial assistance;
• bereavement assistance;
• help with compensation claims through the Department of Veterans’ Affairs;
• referrals to peer support groups and other specialist services;
• visits to the sick, injured and lonely in hospital and/or at their homes;
• short term crisis accommodation; and
• subsidised longer term housing solutions.
We may also collect sensitive information about you where there is a legal requirement to do so, or where we are otherwise permitted by law.
The kinds of sensitive information that we may collect and hold from you or about you include your physical and mental health information, including your medical history and treating doctor.
HOW WE COLLECT AND HOLD PERSONAL INFORMATION
We will where possible, collect your personal information directly from you, unless it is unreasonable or impracticable for us to do so. If we collect your personal information from another person and it is unclear that you have consented to the disclosure of that information to us or that information is otherwise not permitted to be disclosed to us, we will, whenever reasonably possible, make you aware that we have done this and the reasons for doing so.
If you do not provide some or all of the personal information we request, we may be unable to effectively provide our services to you. For example, we may collect personal information from you through telephone calls, your emails, website contact forms and other correspondence to us.
WEBSITE USAGE INFORMATION AND COOKIES
Our websites at www.rslqld.org and www.rslartunion.com.au, use small data files called cookies on your computer, which you can choose to accept or decline.
One of the primary purposes of a cookie is to save you time. A cookie tells the web server that you have returned to a specific webpage. For example, if you personalise the webpages on our website or register with us through our website, the cookie helps the website to recall your specific information on subsequent visits.
This simplifies the process of recording your personal information, such as billing address, postal address and so on. When you return to the same webpage, the information you previously provided can be retrieved so you can easily use the website features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but depending on your browser, you can modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website.
There is also information about the hardware and software on your computer that is automatically collected by our website. This information can include your IP address, browser type, domain names, browsing preferences, access times and the addresses of referring websites. This information is used by us to maintain the quality of our website and to provide us with information regarding the use of our website.
We encourage you to review the privacy statements of websites you choose to link to from our website so that you understand how those websites collect, use and share your information. We have no control over and are not responsible for the manner in which the hosts of other websites use personal information they collect from you.
WHAT WE DO WITH YOUR PERSONAL INFORMATION
We use the personal information we hold about you to do the following things:
• provide membership services to you;
• act as your representative in any matters that may arise from time to time involving the Department of Veterans Affairs;
• provide welfare services to you;
• provide accommodation services to you;
• administer your entry in lotteries run by us;
• liaise with our District Branches and Sub Branches with whom you are involved;
• administer contracts into which we may enter with you;
• accept donations from you;
• supply goods to you;
• administer your involvement as a volunteer with us;
• communicate with you concerning our activities;
• respond to feedback from you;
• develop and/or test our systems;
• for our own internal administrative purposes.
With your consent, we do the following:
• communicate promotional offers and special events to you;
• conduct fundraising;
• conduct marketing activities;
• planning to improve services we offer to our members and the veteran family in accordance with our charitable objects.
WHO WE DISCLOSE YOUR PERSONAL INFORMATION TO
We will not disclose your personal information to any person except to our District Branches, Sub Branches, related entities, contractors, suppliers, distributors and agents used by us in the ordinary course of our business. This may include for the purposes of the administration of membership services, mailing services, distribution services, IT services, data analysis, research, advertising or consultancy services.
We may also need to disclose your personal information where we:
• are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or
• need to disclose it to protect our rights, property or safety of our members, customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction.
We do not ordinarily disclose your personal information overseas, however, before any personal information is disclosed to a recipient in a foreign country, the Privacy Act requires us to take such steps as are reasonable in the circumstances to ensure that the recipient does not breach the APPs in relation to the information. However, if you consent to the disclosure of your personal information to overseas recipients, we are not required to take such steps.
By submitting your personal information to us, you expressly consent to the disclosure, transfer, storage or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia may not have the same privacy protection obligations as Australia in relation to personal information.
By submitting your personal information to us, you expressly consent to us using your personal information to provide you with information about our products, services or events or any other direct marketing activity which we consider may be of interest to you.
We may also use your personal information for the purpose of providing you with other information, if it is within your reasonable expectations that we would send you such information given the nature of previous communications with you.
You may at any time opt out of receiving any communications from us (other than as required for the operation of our activities, e.g. regarding the payment for RSL Art Union tickets) by using the “unsubscribe” facility included in an email you receive from us or by contacting us using the details set out at the bottom of this document.
PSEUDONYMITY OR ANONYMITY
You have the option of not identifying yourself, or of using a pseudonym, when dealing with us provided it is lawful and practical to do so.
We store personal information:
• contained in paper based and other hard copy documents both at our office and at off site secure storage facilities; and
• contained in electronic records, in a controlled and secure environment.
Your personal information is only accessible by those persons who require access to the personal information for the purposes of carrying out their work on our behalf.
We will take all reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure.
When personal information (such as payment information) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
DESTRUCTION AND DE-IDENTIFICATION
We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose. We will destroy or de-identify personal information in accordance with our data security and data destruction policies or when our legal obligations to retain the information have expired and the information is no longer needed by us.
ACCESS TO YOUR PERSONAL INFORMATION
You may request access to the personal information we hold about you by writing to our Privacy Officer at the address below.
You do not have to provide a reason for requesting access. Except in circumstances established under the APPs, if we hold personal information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how you may access that information (e.g. post or collection). We may ask you to complete an Access
Request form to help us identify and locate the information being requested.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, you can ask us to amend it. We will consider your request and:
• if we agree that the information we hold is inaccurate, we will amend it; or
• if we do not agree, then we will add a note to the personal information stating that you disagree with its accuracy.
If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred.
Where it is ascertained that a breach has actually occurred and where required by law, we will notify the Privacy Commissioner and affected customers as soon as practicable after becoming aware that a data breach has occurred.
COMPLAINTS AND CONCERNS
We will respond to your complaint in accordance with the relevant provisions of the APPs as soon as practicable. We treat complaints relating to privacy very seriously. If you submit a concern or complaint, we will endeavour to deal with it comprehensively and reach an outcome where all parties are satisfied.
If you are not satisfied with our response to your complaint, or if you would like further information about privacy in Australia, then we suggest you contact the Office of the Australian Information Commissioner at oaic.gov.au.
YOUR PAYMENT INFORMATION
RSL Art Union’s systems and providers are compliant with the Payment Card Industry Data Security Standard (PCI DSS), and undergo rigorous audits and testing to ensure that confidentiality and the integrity of our systems and information are upheld.
RSL Art Union regularly performs security, vulnerability and malware scanning that is conducted by an external ASV (Accredited Scanning Vendor) to ensure our site remains free of vulnerabilities or malicious software.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information supplied is encrypted via Secure Socket Layer (SSL) and Transport Layer Security (TLS) technology.
We implement a variety of security measures and encryption methods, when a user places an order or enters, submits, or accesses their information, to maintain the safety of your personal information.
All transactions are processed through a secure gateway provider and your credit card information is not stored on our systems. Financial information, such as bank account details that are provided in association with a Direct Debit arrangement are stored in a secure and/or encrypted format in connection with a transaction.
GDPR - PROCESSING EU PERSONAL DATA
This section entitled “GDPR – Processing EU Personal Data” only applies if you are a resident of the European Union and have passed your personal information (as defined in this section) to us.
General - When we process your personal information we will comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), any local implementing laws and any successor legislation to the GDPR and the local implementing laws. We are the data controller (as defined in GDPR) of the data you pass to us pursuant to this policy.
Where we refer to “personal information” throughout this policy, it has the meaning set out in the Privacy Act (as explained at the beginning of this policy) and also the meaning given to “personal data” in the GDPR. “Processing” has the meaning set out in GDPR and, in practice, means doing anything with your personal information, including storing it.
Retention – if you are a regular customer or subscriber of the RSL Art Union, we will retain your personal information for no longer than 8 years from the date of our last interaction with you. This enables us to comply with certain legal obligations and financial reporting requirements. We may choose to retain your personal information for a shorter period of 25 months from the date of our last interaction with you if you purchase only occasional tickets from us or where we have no interaction with you during a 12 month period.
If we receive a “return to sender”, bounce-back email or similar message when we contact you, we will delete the relevant personal information from our system. We will also delete or update your personal information if you ask us to do so in accordance with the requirements of GDPR.
Grounds for processing - we collect most of your personal information on the grounds of our legitimate interests or fulfilment of a contract, for example, providing you with the RSL Art Union tickets you have purchased and liaising with you in respect of those tickets. If we deem it appropriate, we may also rely on legitimate interests to send you marketing communications, including where you have opened a customer account for the RSL Art Union or purchased tickets for the RSL Art Union. If we are unable to rely on legitimate interests or another ground to process your personal information, we will seek consent from you in accordance with the requirements of GDPR.
If we have obtained consent from you to process your data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact information set out below. Please bear in mind that if you withdraw your consent it may affect our ability to carry out tasks for your benefit. Withdrawal of your consent will not affect any processing we have carried out in respect of your personal information prior to you withdrawing consent.
In the section entitled “What we do with your personal information”, we have explained that we may need to disclose your personal information to certain third parties. If any of those third parties is located outside of the European Economic Area (EEA) we will ensure that there are appropriate safeguards in place when the data is transferred in accordance with the requirements of GDPR.
Automated decision making – if you purchase an RSL Art Union ticket, your success or otherwise will be determined as a result of a process of automated decision making. We carry out this example of automated decision making on the grounds that it is necessary to fulfil the contract we have entered into with you.
Your rights – there are a number of rights available to you under GDPR. These include:
• the right to access your personal information and ask us to provide certain information about the processing we carry out in respect of your personal information;
• the right to ask us to rectify any personal information we process that you believe is incorrect or incomplete;
• the right to ask us to erase your personal information;
• the right to ask us to restrict the processing we carry out in respect of your personal information, or to object to the processing we carry out; and
• the right to have your data provided to another data controller in a structured, commonly used and machine readable format (data portability).
Please note that there are some exceptions and caveats to the rights listed above.
Complaints – in addition to your rights set out above in the section entitled “Complaints and Concerns”, you are entitled to complain to the relevant supervisory authority in your jurisdiction. A list of the supervisory authorities throughout the European Union is available here.
CHANGES TO THIS PRIVACY STATEMENT
OUR CONTACT DETAILS
The Privacy Officer
Returned & Services League of Australia (Queensland Branch)
283 St Pauls Terrace,
Fortitude Valley QLD 4006
Ph: (07) 3634 9444
Fax: (07) 3634 9400
Last updated: 18 March 2019