Creating an inclusive world for autistic girls, women and gender diverse individuals.

Home > About > Privacy Policy

Yellow Ladybugs Privacy Policy

Yellow Ladybugs collects information and data about people including donors, supporters, staff and the community we support. This brings important legal and ethical responsibilities. This policy explains how Yellow Ladybugs collects, stores and uses people’s information and data. We will review and update this policy when any relevant laws change or if change how we do things.

Yellow Ladybugs is not required to comply with the Privacy Act 1988 (Cth). We base the way we manage information and data management systems on its principles. Read about the Australian Privacy Principles

For guidance on the definitions of personal, sensitive and health information, please see the OAIC website at https://oaic.gov.au/agencies-and-organisations/app-guidelines/

Information and data we collect

Yellow Ladybugs collects and stores personal information including:

  • names, addresses and phone numbers
  • ages or dates of birth
  • email addresses
  • bank account or credit card details (for donors)
  • signatures
  • employment details
  • details of service and product purchases and preferences

Yellow Ladybugs may also collect more detailed personal information relating to:

  • education, including whether individuals within our community are home schooled,
  • health, including whether individuals within our community have been diagnosed with autism or have received any other comorbid diagnosis.

Why we collect information and data

Information and data collected and stored by Yellow Ladybugs may be used to:

  • provide effective services to our community (e.g. birthday card club, respond to enquiries, events
  • maintain membership lists
  • manage donor and supporter lists
  • co-ordinate and manage volunteers
  • send newsletters or updates to donors, supporters and our community
  • account for activities or expenses, and
  • provide supporting evidence when seeking grants or other funding.

Yellow Ladybugs may also use personal information and data for such secondary purposes that are related to the primary purpose of collection and can be reasonably expected, or to which you have consented.

www.yellowladybugs.com.au

We record individual visits to our website. This information is used for statistical purposes, as well as helping us to maintain our server and to improve services. We will not disclose this information to any other government agency, organisation or individual unless required by law to do so.

Yellow Ladybugs Facebook

Yellow Ladybugs records individual visits to its Facebook pages. This information is used for statistical purposes, as well as helping to improve its services. This information will not be disclosed to any other government agency, organisation or individual unless Yellow Ladybugs is required by law to do so. Facebook’s Privacy Principles and Data Policy.

Special purposes

On occasion, Yellow Ladybugs may collect personal information for a special purpose, for example research, and when it does so it will provide potential participants requested to participate with a specific statement on how the information will be used.

Providing your personal information to Yellow Ladybugs

In some circumstances Yellow Ladybugs will allow individuals the option of not identifying themselves, or of using a pseudonym, when dealing with it (for example, when viewing the Yellow Ladybugs’ website or making general phone queries). Donations may also be made anonymously, but in this case Yellow Ladybugs may not be able to issue a tax- deductible receipt.

Our approach to direct marketing

Direct marketing is the sending mail or emails or making phone calls directly to individuals to promote our services, raise our profile or solicit donations or support. It involves us using the information and data we holds about a person. We consider the requirements for direct marketing set out in APP 7 (even though we are not required to comply with Australian Privacy Act).

Yellow Ladybugs will only use your personal information for direct marketing if:

  • we collected the information used
  • you would reasonably expect Yellow Ladybugs to use or disclose your information and data for the purpose of direct marketing
  • we provide a simple means for you to easily request to ‘unsubscribe’ or not receive further direct marketing communications
  • you have not opted out of receiving direct marketing communications from us.

In circumstances where a person would not reasonably expect Yellow Ladybugs to use their information for direct marketing, we may still use your information for direct marketing purposes if:

  • you have given consent for your information to be used for this purpose (or it is impracticable for Yellow Ladybugs to obtain the consent)
  • Yellow Ladybugs provides a simple way for you to request to not receive further direct marketing communications
  • We provide a prominent statement that the person may make such a request each time that we contact you for a direct marketing purpose (or Yellow Ladybugs otherwise draws the person’s attention to this option), and
  • You have not made a request to not receive direct marketing communications from Yellow Ladybugs.

These criteria also apply in situations where Yellow Ladybugs collects the person’s information from a source other than the person in question (for example, if it collects the information from another charity). Under APP 7, the use of sensitive information is treated differently to personal information. For Yellow Ladybugs to use a person’s sensitive information for direct marketing purposes, it must first receive the person’s direct consent. Person may request to not receive direct marketing communications

If Yellow Ladybugs uses a person’s information for direct marketing (or for facilitating direct marketing by other organisations), the person may request:

  • to not receive direct marketing communications from Yellow Ladybugs
  • to not have their information used for the purposes of facilitating direct marketing communications, and
  • that Yellow Ladybugs provide the source of its information.

Yellow Ladybugs will act on a person’s request to not receive direct marketing communications. Once a Yellow Ladybugs receives such a request, it will act on the request within a reasonable time period (usually be no more than 30 days).

Yellow Ladybugs’ approach to sharing donor lists with other charities Sharing donor lists can be an effective way for charities to expand the audience to which they communicate, promote their work, and solicit donations and support. However, Yellow Ladybugs will be careful to ensure that doing so would meet reasonable community expectations. If Yellow Ladybugs considers sharing a list of donors, it will consider how its supporters, donors and the community would view a decision to do so. Before sharing information and data about people, the Yellow Ladybugs’ Board will consider:

  • whether Yellow Ladybugs has stated that it might share the information or data it holds about people
  • whether Yellow Ladybugs has given people the option to not have their information or data shared
  • the type of organisation with which Yellow Ladybugs intends to share the information or data it holds about people, and
  • the risks that sharing people’s information or data may pose for Yellow Ladybugs reputation and its public support.

Yellow Ladybugs will be clear about the purposes for which it collects, stores and uses people’s information and data. Yellow Ladybugs will not share a person’s information or data with other charities or organisations unless the person has given consent for Yellow Ladybugs to do so, or the person would reasonably expect Yellow Ladybugs to do so. Note: The requirements for using or disclosing personal information are set out in Australian Privacy Principle 6 (APP 6). If Yellow Ladybugs uses or discloses personal information for direct marketing purposes, however, APP 7 applies instead of APP 6. The requirements of APP 6 mean, in short, Yellow Ladybugs must only use a person’s information for the purpose for which it collected the information (the primary purpose), unless it has received consent from the person to do otherwise. Use or disclose for a purpose other than primary purpose Yellow Ladybugs may use or disclose a person’s information for a purpose other than the primary purpose if it meets these criteria:

  • the person would reasonably expect Yellow Ladybugs to do so, and
  • the information is related to the primary purpose (or directly related to the primary purpose for sensitive information).

Exceptions also exist for when:

  • the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order
  • Yellow Ladybugs reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body, or
  • a permitted general situation or a permitted health situation exists.

Buying, renting or selling donor lists

Yellow Ladybugs may want to buy or rent access to donor lists to expand their reach, or even sell their own list of donors. Buying, renting and selling lists occurs in the business sector and may provide benefits for charities too. However, if considering such practices, the Yellow Ladybugs Board will take into account the risks that they bring and community expectations of such practices.

If Yellow Ladybugs considers selling its donor list, it must be sure that the people on the list consented to having their information and data used in this way or had a reasonable expectation that Yellow Ladybugs would do so. If Yellow Ladybugs is considering buying or renting a list of donors (whether this be from another charity or a list broker), it is important to consider APP 3, which states that “an APP entity must collect personal information only by lawful and fair means”. However, it is also important to note that collecting a person’s information and data by “lawful and fair means” does not necessarily mean that Yellow Ladybugs can be sure that people provided their consent or had a reasonable expectation that their information and data would be used in this way. It is crucial that the Yellow Ladybugs Board is vigilant in conducting due diligence if considering buying or renting a list of donors for their own use.

Managing information and data

Yellow Ladybugs strives to ensure the responsible, honest and ethical management of people’s information and data. Yellow Ladybugs have adopted the following practices as they provide a foundation on which good governance practices for information and data management can be built:

  • only collect a person’s information and data by lawful and fair means
  • do not share or sell people’s information and data without their express recorded permission
  • be explicitly clear when collecting a person’s information and data about the purpose for doing so
  • only collect and store the minimal amount of information and data about a person required for a particular purpose
  • only store a person’s information and data for as long as it is required for the purpose
  • securely store people’s information and data both physically and digitally
  • only disclose a person’s information and data for the purpose for which it was collected and stored
  • offer people an option to have their information and data changed, corrected or securely removed
  • allow people to have access to and correct their information and data
  • accurately record and follow people’s marketing preferences
  • ensure all the staff and volunteers who have access to people’s information and data understand Yellow Ladybugs’ policies and are properly trained
  • implement a clear policy and processes for managing people’s information and data
  • publish publicly, or make available on request, Yellow Ladybug’s policy for managing people’s information and data
  • if using an external provider to manage information and data, ensure its policies and practices meet legal requirements and the expectations of Yellow Ladybugs and the community.

Yellow Ladybugs is transparent about the information and data that it collects, stores and uses. It is open about its practices and be prepared to answer questions from donors, members, supporters and the public about the way it manages people’s information and data.

Yellow Ladybugs securely stores and protects people’s information and data Yellow Ladybugs has appointed a Governance Lead and Secretary to oversee the management of personal information in accordance with this policy. Yellow Ladybugs takes all reasonable steps to protect personal information from misuse, loss,unauthorised access or disclosure. All staff and volunteers are required to protect confidentiality and comply with this policy.

Yellow Ladybugs holds personal information in a combination of computer storage facilities and other records and takes steps to protect the personal information held from misuse, loss, unauthorised access, modification or disclosure. Yellow Ladybugs uses methods to destroy or de-identify any personal information as soon as the law permits, provided the information is no longer needed by us for any purpose. Individuals can help to protect privacy by contacting Yellow Ladybugs immediately when there is a change of contact details, such as address and telephone number. Accessing Yellow Ladybugs website When a person uses the Yellow Ladybugs website, having their cookies enabled will allow Yellow Ladybugs to maintain the continuity of that person’s browsing session and remember their details when they return. Yellow Ladybugs may also use web beacons, Flash local stored objects and JavaScript. If that person adjusts their browser settings to block, reject or delete these functions, the webpage may not function in an optimal manner. Yellow Ladybugs may also collect information about a person’s IP address, although this may not identify that person. The security of personal information is important to Yellow Ladybugs and it uses the recommended industry standards when storing and dealing with personal information. We use a secure server using the latest SSL (secure sockets layer) encryption technology to process any financial transactions. The steps Yellow Ladybugs takes to secure the personal information it holds include: for information and data management can be built:

  • website protection measures (such as encryption, firewalls and anti-virus software)
  • access restrictions to computer systems (such as login and password protection)
  • restricted access to office premises
  • staff and volunteer training and implementation of policies and procedures that cover access, storage and security of information.

Accessing third party website Links to third party websites that are not operated or controlled by Yellow Ladybugs are provided for the Yellow Ladybugs community’s convenience. Yellow Ladybugs is not responsible for the privacy or security practices of those websites. Third party websites should have their own privacy and security policies, which Yellow Ladybugs encourage its community to read before supplying any personal information to them.

Accessing personal information Yellow Ladybugs holds and correcting that information if required

Accessing personal information

If a person seeks to request access to personal information Yellow Ladybugs holds about them, that person should make the request in writing to Yellow Ladybugs Secretary at accounts@yellowladybugs.com.au. Yellow Ladybugs will require the person to verify their identity and specify the information that they are seeking. Yellow Ladybugs will process any request with a reasonable timeframe (usually within 30 days). There is no fee for requesting access to personal information, however there will be an administration fee of $25 to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested. If the request for access to personal information is voluminous, Yellow Ladybugs reserves the right to charge an additional fee to cover any costs over and above the standard administration fee. Under some circumstances Yellow Ladybugs may not be able to provide an individual with access to the personal information held. If Yellow Ladybugs is unable to provide access to an individual’s personal information, it will provide a full explanation as to why.

Accuracy of personal information

Yellow Ladybugs accepts no responsibility for the veracity, integrity, currency or accuracy of information collected and subsequently stored and used by Yellow Ladybugs for its purposes. Yellow Ladybugs will take reasonable steps to ensure that personal information is up to date before use or appropriate disclosure. If any person learns that the personal information Yellow Ladybugs holds is inaccurate, that person should inform Yellow Ladybugs. Yellow Ladybugs will correct the information. Breaches or complaints about the management of people’s information and data Personal enquiries, feedback comments or concerns about the Yellow Ladybugs Privacy Policy or Yellow Ladybugs Privacy Statement should be directed to the Yellow Ladybugs Secretary at accounts@yellowladybugs.com.au. If there are any concerns regarding Yellow Ladybugs breaching its Privacy Statement or Privacy Policy, an individual can make a complaint through the contacts above. Yellow Ladybugs will act promptly to respond to a complaint.

Risks with managing people’s information

Collecting, storing and using people’s information and data comes with risks. The risks that come with information and data management include:

  • inappropriate use or disclosure of a person’s information or data
  • inadequate processes or training for staff handling people’s information or data
  • loss of a person’s information or data, either physical or digital
  • information or data about a person stolen, either physically or digitally
  • the policies and practices of external service providers used to manage people’s information or data
  • failure to comply with applicable laws
  • failure of physical management systems
  • malicious external cyber-attacks (e.g. hacking or malware)

Yellow Ladybug’s reputation is particularly vulnerable to the consequences of failing to mitigate the risks with information and data management. Poorly managing people’s information and data, even inadvertently, leaves Yellow Ladybugs vulnerable to outcomes which are likely to have a detrimental effect on its reputation and public support. Importantly, management includes the oversight of any external service providers Yellow Ladybugs contracts to manage people’s information and data. While Yellow Ladybugs can outsource this work, it cannot outsource the responsibilities that come with it.

Review

Yellow Ladybugs may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to Yellow Ladybugs’ operations and practices and to make sure it remains appropriate to the changing legal environment

Further information

Office of the Australian Information Commissioner:

Keep up to date with us

Socials

Yellow Ladybugs respectfully operates on Wurundjeri Woiwurrung land of the Kulin Nation, and we would like to take this opportunity to acknowledge, recognise and respect the Traditional Owners of Country and their continuing connection to lands, waters, and communities.

We honour this privilege and pay our respects to Aboriginal and Torres Strait Islander cultures; and to Elders past and present.

Copyright © 2023 Yellow Ladybugs   |   ABN 19 135 641 759