[DRAFT-03/07/24] AUSTRALIAN PRIVACY & ICT CYBER SECURITY POLICY & RESOURCES + GUIDELINES @ NOT-FOR-PROFIT + CHARITY COMMUNITY CONSULTANTS (NFPCCC) AND DCSS DUAL NFP-CHARITY.

OUR AUSTRALIAN PRIVACY & ICT (INFORMATION, COMMUNICATION, & TECHNOLOGY) ONLINE POLICY @ NOT-FOR-PROFIT + CHARITY COMMUNITY CONSULTANTS (WWW.NFPCCC.AU) AND DIVERSE COMMUNITIES JUSTICE + SOCIAL SERVICES (WWW.DCSS.ORG.AU) DUAL NFP-CHARITY. [DRAFT]

1. Introduction

This policy outlines the approach to Privacy and ICT (Information & Computer Technology) + Cyber Security for NOT-FOR-PROFIT + CHARITY COMMUNITY CONSULTANTS (NFPCCC) and DIVERSE COMMUNITY JUSTICE & SOCIAL SERVICES (DCSS) DUAL NFP-CHARITY. We are committed to protecting the personal information of our donors, beneficiaries, employees, volunteers, and other stakeholders, as well as ensuring the security of our ICT & Cyber Security systems. Hereafter, NFPCCC & DCSS DUAL NFP-CHARITY will be referred to as “NFPCCC & DCSS Dual NFP-Charity.”

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

LEGAL NOTICE: Any and all information and data collected for our Dual Not-for-Profit Charity Organisations are CONFIDENTIAL & SENSITIVE! All Information and Data is held under the following Policies & Procedures + Legislation:

A.     ACNC (AUSTRALIAN CHARITIES & NOT-FOR-PROFITS COMMISSION) MANAGING PEOPLES DATA & INFORMATION POLICY: https://www.acnc.gov.au/tools/guides/managing-peoples-information-and-data

B.     OAIC (OFFICE OF THE AUSTRALIAN INFORMATION COMMISSIONER) PRIVACY ACT 1988 (CTH): https://www.oaic.gov.au/privacy

C.     AUSTRALIAN INFORMATION SECURITY MANUAL (ISM): https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism

D.     AUSTRALIAN AND INTERNATIONAL GOVERNMENT ICT & CYBER SECURITY AGENCIES, YOU CAN FIND MORE RESOURCES HERE: WWW.CYBER.GOV.AU

E.     DISP = AUSTRALIAN DEFENCE INDUSTRY SECURITY PROGRAM (DISP): https://www.defence.gov.au/business-industry/industry-governance/defence-industry-security-program

IMPORTANT NOTICE: No information is to be SENT or passed on to anyone other than the person to whom it is addressed, and ALL SECURITY POLICIES & PROCEDURES MUST BE ADHERED TO FOR ALL OFFICIAL DATA (ESPECIALLY WITH EXTERNAL PEOPLE/ORGANISATIONS)! FOR ANY EXTERNAL SHARING OF INFORMATION, YOU MUST HAVE WRITTEN APPROVAL FROM THE MANAGING DIRECTOR / PRESIDENT / CHAIR OF THE BOARD / CEO (CURRENTLY TOM CONLEY) OR PRIVACY & GOVERNANCE DIRECTOR/LEGAL COUNSEL (OR 3 X BOARD/COMMITTEE MEMBERS), WHICH CAN BE APPLIED FOR BY EMAILING: EXECUTIVE-GROUP@NFPCCC.AU

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from our websites under any of the following domains: WWW.ALLMYLINKS.COM/NFPCCC-DCSS-NFP-CHARITY / WWW.CHARITYCONSULTANTS.ORG.AU / WWW.NFPCONSULTANTS.ORG.AU / WWW.CHARITYCONSULTANTS.ORG / WWW.INDIGENOUSCONSULTANTS.ORG.AU / WWW.CHARITYMENTOR.ORG.AU / WWW.NFPMENTOR.ORG.AU / WWW.CCSE.ORG.AU / WWW.TOMCONLEY.ORG / WWW.TOMCONLEY.AU / WWW.DCSS.ORG.AU / WWW.DCSSJUSTICE.AU / WWW.DCSSAUSTRALIA.ORG / WWW.LGBTIQSERVICES.ONLINE / WWW.LGBTIQSUPPORT.ORG / WWW.NFPJUSTICE.ORG / WWW.LGBTIQPROTECTION.ORG ETC.

2. Purpose

The purpose of this policy is (but not limited) to:

3. Scope

This policy applies to (but is not limited to):

    • All employees, volunteers, contractors, and partners of NFPCCC & DCSS Dual NFP-Charity;

    • All personal information and data processed by NFPCCC & DCSS Dual NFP-Charity;

    • All ICT systems, including hardware, software, networks, and data storage used by NFPCCC & DCSS Dual NFP-Charity;

    • All immediate partnerships with MOUs and other commercial / in-good-faith partnerships/associations; etc.

—————

4. Cyber Privacy Policy

4.1 Collection of Personal Information: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include (but is not limited to):

  • Names, addresses, and contact details of donors, beneficiaries, partners, clients, volunteers, staff, etc.

  • Financial information related to donations and funding.

  • Employment records of staff and volunteers.

  • First name and last name, phone number, address, state, province, ZIP/Postal code, city, cookies, and usage data.

  • We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

4.2 Cookies & Tracking Technologies: We/Our ICT Partners may use cookies and similar tracking technologies to track the activity on our Service and hold certain information. (Details below)

This Cookie Policy describes how Squarespace uses cookies and similar technologies to provide, customize, evaluate, improve, promote and protect our Services. Note that any capitalized terms not defined in this Cookie Policy have the meanings set forth in Squarespace Terms of Service. If you have any comments or questions about Squarespace Cookie Policy, feel free to contact Squarespace at privacy@squarespace.com.

Cookies. Cookies are small pieces of text sent to your browser when you visit a site. They serve a variety of functions, like enabling us to remember certain information you provide to us as you navigate between pages on the Services. We use cookies on the website and associated domains of www.squarespace.com and on Squarespace web and mobile applications for the following purposes:

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our online Service. Examples of cookies we use (but not limited to):

  • Authentication, Customization, Security and Other Functional Cookies. Cookies help us verify your Account and device and determine when you’re logged in, so we can make it easier for you to access the Services and provide the appropriate experiences and features. We also use cookies to help prevent fraudulent use of login credentials and to remember choices you’ve made on the Services, such as your language preference.

  • Performance And Analytics. Cookies help us analyze how the Services are being accessed and used, and enable us to track performance of the Services. For example, we use cookies to determine if you viewed a page or opened an email. This helps us provide you with information that you find interesting.

  • Third Parties. Third Party Services may use cookies to help you sign into their services from our Services. Any such third party cookie usage is governed by the policy of the third party placing the cookie.

  • Squarespace Ads. We partner with third party publishers, advertising networks and service providers to manage our ads on other sites. Our third party partners may set cookies on your device or browser to gather information about your activities on the Services and other sites you visit, in order to provide you with Squarespace ads. For example, if you visit Squarespace and also use a social media platform, you may see a Squarespace ad in your social media newsfeed or timeline.

  • Opting Out. You can set your browser to not accept cookies, but this may limit your ability to use the Services. We currently don’t respond to DNT:1 signals from browsers visiting our Services. You can also opt out of receiving interest-based ads from certain ad networks here (or if located in the European Union, here).

  • Device Identifiers. We use device identifiers on Squarespace web and mobile applications to track, analyze and improve the performance of the Services and our ads.

  • Session Cookies. We use Session Cookies to operate our Service.

  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

  • Security Cookies. We use Security Cookies for security purposes.

—————

4.3 Use and Disclosure of Personal Information: We use personal information to (but not limited to):

  • Communicate with donors, beneficiaries, and volunteers.

  • Manage our programs and services.

  • Comply with legal and regulatory requirements.

  • Provide and maintain the Service.

  • Notify you about changes to our Service.

  • Process donations and issue receipts.

  • Allow you to participate in interactive features of our Service when you choose to do so.

  • Provide customer care and support.

  • Provide analysis or valuable information so that we can improve the Service.

  • Monitor the usage of the Service.

  • Detect, prevent, and address technical issues.

We do not disclose personal information to third parties without consent, except as required by law.

4.4 Access and Correction of YOUR Personal Data:

Individuals have the right (but not limited) to:

  • Access their personal information about YOURSELF (or those LEGALLY in your Custody) held by NFPCCC & DCSS DUAL NFP-CHARITY;

  • Request corrections to their personal information.

If you have any questions or would like to make a submission of information/investigation, please email our Privacy Officer / Board Secretary / CEO / Executive Director / President via: ADMIN@charityconsultants.org.au / EXECUTIVE-GROUP@NFPCCC.AU

4.4 Disclosure of Data Legal Requirements: NONPROFIT + CHARITY CONSULTANTS (NFPCCC) WWW.NFPCCC.AU AND DCSS COMMUNITY JUSTICE + SOCIAL SERVICES NFP CHARITY | WWW.DCSS.ORG.AU | may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation.

  • Protect and defend the rights or property of NONPROFIT + CHARITY CONSULTANTS (NFPCCC) WWW.NFPCCC.AU AND DCSS COMMUNITY JUSTICE + SOCIAL SERVICES NFP CHARITY | WWW.DCSS.ORG.AU.

  • Prevent or investigate possible wrongdoing in connection with the Service.

  • Protect the personal safety of users of the Service or the public.

  • Protect against legal liability.

We share your personal data with your consent or to complete any transaction or provide any product you have requested or authorised. We also share data with our controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal processes; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights and property of NFPCCC & DCSS, and our community.

4.5 Security of Your Data: The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially & ethically acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

4.6 Service Providers / Partners: We may, from time to time, partner with or employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used. These third parties may have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose (covered in our MOU Agreement & Confidentiality + Non-Disclosure Agreement + the law).

5. ICT TECHNOLOGY PARTNERS/PROVIDERS & ANALYTICS + THEIR PRIVACY POLICIES: We may use third-party Service Providers to monitor and analyze the use of our Service:

6. Access to and Correction of Personal Information: Individuals have the right to access their personal information and request corrections if the information is inaccurate or incomplete.
Requests for access or correction should be made in writing to the Privacy Officer. If you have any questions or would like to make a submission of information/investigation, please email our Privacy Officer / Board Secretary / CEO / Executive Director / President via: ADMIN@charityconsultants.org.au / EXECUTIVE-GROUP@NFPCCC.AU

7. Data Breaches: We have procedures in place to detect, respond to, and mitigate data breaches. In the event of a data breach, we will:

  • Notify affected individuals as soon as practicable.

  • Report the breach to the Office of the Australian Information Commissioner (OAIC) if required.

  • Take steps to contain and remedy the breach.

8. Training and Awareness: We provide training and awareness programs for employees and volunteers to ensure they understand their privacy and ICT security obligations.

9. Review and Updates: This policy will be reviewed annually and updated as necessary to ensure it remains current and compliant with legal and regulatory requirements.

10. Contact Us: If you have any questions or would like to make a submission of information/investigation, please email our Privacy Officer / Board Secretary / CEO / Executive Director / President via: ADMIN@charityconsultants.org.au / EXECUTIVE-GROUP@NFPCCC.AU

—————

11. BASIC OVERVIEW OF ICT (INFORMATION, COMMUNICATION, TECHNOLOGY) AND CYBER SECURITY POLICY

Our ICT & Cyber Security Policy reflects, to the best of our ability, the Australian Government ISM (Information Security Manual): https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism. Further resources and recommendations about information and technology can be found via the Australian Signals Directorate (ASD) & Australian Cyber Security Centre (ACSC) | WWW.CYBER.GOV.AU | and many other trusted authorities.

11.1 ICT Security Management

We implement robust ICT security measures, including (but not limited to):

  • Regular risk assessments and audits of our ICT systems.

  • Up-to-date antivirus and anti-malware software.

  • Firewalls and intrusion detection/prevention systems.

11.2 User Access Control

We enforce strict user access controls, including (but not limited to):

  • Unique user IDs and strong passwords.

  • Role-based access to sensitive information.

  • Regular review and revocation of access rights as needed.

11.3 Data Protection

We ensure the protection of data through (but not limited to):

  • Encryption of sensitive data both in transit and at rest.

  • Secure backup and recovery processes.

  • Disposal of data in a secure manner when no longer needed.

11.4 Incident Response

We have an incident response plan to (but not limited to):

  • Detect and respond to cyber security incidents promptly.

  • Mitigate the impact of incidents.

  • Notify affected individuals and relevant authorities as required by law.

11.5 Training and Awareness

We provide regular training and awareness programs for staff and volunteers on (but not limited to):

  • Privacy obligations and best practices.

  • ICT security protocols and procedures.

  • Identifying and reporting security threats and incidents.

12. Compliance and Review

12.1 Compliance

We ensure compliance with this policy through (but not limited to):

  • Regular monitoring and auditing of our privacy and ICT security practices.

  • Reporting to the Board of Directors on compliance matters.

12.2 REVIEW & CHANGES TO THIS ONLINE PRIVACY POLICY:

  • This policy is reviewed annually or as needed to ensure it remains relevant and effective. Changes to this policy are communicated to all stakeholders.

  • We may update our Privacy Policy from time to time.

  • We will notify you of any changes by posting the new Privacy Policy on this page.

  • We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective, and update the “effective date” at the top of this Privacy Policy.

  • You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Information

For any questions or concerns regarding this policy, please contact our Privacy Officer at:
PRESIDENT & CEO TOM CONLEY (HJ-JP, SOCSC, MAICD, MICDA) @ NOT-FOR-PROFIT + CHARITY COMMUNITY CONSULTANTS (NFPCCC) AND DIVERSE COMMUNITY JUSTICE & SOCIAL SERVICES (DCSS) DUAL NFP-CHARITY | WWW.NFPCCC.AU |
If you have any questions or would like to make a submission of information/investigation, please email our Privacy Officer / Board Secretary / CEO / Executive Director / President via: ADMIN@charityconsultants.org.au / EXECUTIVE-GROUP@NFPCCC.AU
WEBSITE: WWW.CHARITYCONSULTANTS.ORG.AU / WWW.ALLMYSITES.COM/NFPCCC-DCSS-NFP-CHARITY / WWW.DCSS.ORG.AU
PHONE: (+61) 03-6185-0292 OR 02-6190-6573

This policy helps our non-profit charity to maintain trust with our stakeholders and ensure the security of our operations in line with Australian NonProfit Charity privacy and cyber security standards.

—————

14 KEY DATES TIMETABLE OF THIS ONLINE ICT CYBER SECURITY & PRIVACY POLICY:

  • 27 JUNE 2024 - THIS POLICY WAS DRAFTED AND POSTED ON NONPROFIT + CHARITY CONSULTANTS (NFPCCC) WEBSITE: WWW.CHARITYCONSULTANTS.ORG (WWW.NFPCCC.AU)

  • 2 JULY 2024 - FURTHER UPDATES MADE BY THE CEO TO THIS POLICY IN PREPARATION FOR BOARD APPROVAL.

HERE ARE SOME EXAMPLES OF WHAT TYPE OF PUBLIC STATEMENTS / POLICY IMAGES & INFORMATION WHICH MAY BE USED ACROSS OUR CHARITY ICT (TECHNOLOGY) AND CYBER SECURITY PLATFORMS (2024).