Privacy Policy
1 Introduction
Suited to Success Ltd (“STS”, “we”, “our” or “us”) is a Public Company Limited by Guarantee under the Corporations Act (2001) and a Public Benevolent Institution (PBI) with Deductible Gift Recipient (DGR) status which offers business clothing and support to Queenslanders helping them to build employability skills and confidence to thrive in life and work. STS programs include the Dress for Success® Brisbane (DFSB) styling service for women.
The Board of STS is committed to protecting the privacy of personal information that we collect, hold and administer relating to all STS activities and the programs and services that we provide.
We recognise the essential rights of individuals to have their information administered in ways that they would reasonably expect, namely protected but made accessible to them. These privacy values are reflected in and supported by our core values and in this Privacy Policy. The way we manage your personal information is governed by the Information Privacy Act 2009 (Privacy Act) and the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth).
Under our Privacy Policy, we will:
Collect only personal information which we need for our main functions
Ensure that stakeholders are informed about why we collect the information and how we administer
Use and disclose personal information only for our main or related functions or for other purposes with the person’s consent
Store all personal information securely, protecting it from unauthorised access
Provide stakeholders with access to their own information on request and the right to seek its correction
For the purposes of this Privacy Policy, "personal information" is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.
This Privacy Policy explains how we manage the personal information we hold about you. Please note that this Privacy Policy is to be read subject to any overriding provisions of law or contract.
The Board of STS is responsible for establishing and regularly reviewing this policy, monitoring changes in Privacy legislation and revising this policy when needed.
The CEO is responsible for the implementation of this Policy.
2 Collecting personal information
2.1 What kinds of personal information do we collect?
We will only collect personal information that is relevant to your relationship with us. The types of personal information we may collect include, but are not limited to:
your name (current and any previous) and date of birth;
your personal and/or business contact details (including your address, landline or mobile telephone numbers, fax number and e-mail address);
your employment details (including your company name, job title and business sector);
banking details required for payments or donations (no credit card details are stored on our servers),
tax and superannuation fund details (including your tax file number and ABN if applicable);
personal information provided when you commence a relationship with us;
personal information provided when you seek employment or volunteer opportunities with us, or after you commence;
contact and identification details of any third party that you have authorised to negotiate or provide your personal information on your behalf (including any attorneys appointed by you under a power of attorney);
any correspondence between you and us;
digital images such as photos and videos; and
any other personal information provided to us when you make an inquiry, request information, respond to marketing or lodge a complaint.
In many cases personal information is collected for the purpose of providing a Government or third party funded client service with collated pooled statistics that do not identify individuals to demonstrate that criteria for the service are met. These include:
date of birth and age;
gender;
language;
cultural background;
employment history;
health information;
next of kin details;
financial information; and
government benefit information.
2.2 How do we collect personal information?
Where possible, we will always try to collect personal information directly from you, for example when you:
request information or contact us through our website or by telephone;
correspond with us in writing (such as letters and emails);
provide your business card or other documents to us (such as identification information or your resume); or
meet with us in person.
We may also obtain your personal information from third parties, such as:
support agencies;
government agencies;
our professional advisers;
our contracted service providers; and
any other organisation with whom we do business.
3 Dealing with us anonymously
In general, you can visit our website or social media pages without telling us who you are or revealing any personal information about yourself. Our web servers collect the domain names, not the e-mail addresses, of visitors. However, there are parts of our website where we may need to collect personal information from you for a specific purpose, such as to provide you with certain information you request. We do this through the use of online forms, emails, or other communication methods (i.e. over the telephone, by fax or by mail).
4 Why do we collect, hold, use and disclose your personal information?
We only collect and use personal information that is relevant to our dealings with you. We may need to disclose that personal information to other entities to enable us to provide the services, products and information you request, and to perform our functions and activities. In particular, we may collect, use and disclose your personal information for the purposes of:
responding to your requests or inquires and providing you with any information or other services requested by you;
processing and recording payments or donations;
providing written acknowledgement of your interaction with or support of STS;
collating statistics of a general nature;
providing a service in accordance with third party funding contracts
assessing your application for employment;
your employment or volunteering relationship with us;
your business or other relationship with us;
promoting STS and its program, including direct marketing, social media, post and email, phone;
where necessary, updating and maintaining our records;
making our website easier for you to use and providing you with access to all parts of our website;
notifying you about important changes or developments to our functions, activities, services or our website;
administering, supporting, improving and developing our business and services;
any other purpose which relates to or arises out of requests made by you;
if you lodge a complaint with us, processing and responding to your complaint;
doing anything which you authorise or consent to us doing; or
taking any action we are required or authorised by law to take.
5 Disclosing your personal information
Although STS will not disclose your personal information unless it is necessary, we may need to disclose your personal information to:
our employees;
our volunteers;
our business partners and service providers (such as contractors who provide website, IT, marketing, administration and other services to support STS);
suppliers we engage for data processing and other administrative and support functions;
our professional advisers (for example, our insurers, auditors, lawyers and consultants);
third parties we engage to carry out promotions or other activities you have requested, or for direct marketing purposes;
third party funding agents for the services we provide, including Government and philanthropic organisations;
third parties we engage to comply with legal requests in relation to any legal proceedings or potential legal proceedings, and to establish, exercise or defend STS’s legal rights;
any entity to whom we are required or authorised by law to disclose your personal information (for example, law enforcement agencies and government and regulatory authorities).
The above entities may in turn disclose your personal information to other entities as described in their respective privacy policies or notices.
We will only use personal information including digital images for marketing and promotional purposes where the person would reasonably expect it to be used for this purpose, and written consent has been obtained.
6 Dealing with STS online
This Privacy Policy applies to your use of our STS website (http://suitedtosuccess.org ) and other social media platforms such as Facebook, Twitter, Instagram and LinkedIn, and any personal information that you may provide to us via these channels. We believe it is important for you to know how we treat this personal information and how we carry out data processing practices through the use of the Internet and any other electronic communications networks.
When you visit the STS website or social media pages, we and/or our contractors may collect certain information about your visit. Examples of such information may include:
Cookies - Cookies are small amounts of information which we may store on your computer (after you register on our website) to enable our server to collect certain information from your web browser. Cookies in themselves do not identify the individual user, just the computer used. Cookies and other similar technology make it easier for you to log on to and use the website during future visits. It also allows us to monitor website traffic, to identify you when you visit this website, to personalise the content of the website for you and to enable you to both carry out transactions and have access to information about your account. Cookies themselves only record which areas of the site have been visited by the computer in question, and for how long. Allowing us to create a cookie does not give us access to the rest of your computer and we will not use cookies to track your online activity once you leave our site. Cookies are read only by the server that placed them, and are unable to execute any code or virus; and
Site visit information - we collect general information about your visit to the STS website and social media platforms. The information we collect is not used to personally identify you, but instead may include your server address, the date and time of your visit, the pages you accessed and the type of internet browser you use. This information is aggregated and used for the purposes of system administration, to prepare statistics on the use of our website and social media platforms to improve its content.
Our website and social media pages may contain links to other websites and social media pages which are outside our control and are not covered by this Privacy Policy. If you access other websites and social media pages using the links provided, the operators may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.
Each electronic direct marketing communication with an individual will contain a notice that allows the individual to indicate if they wish to unsubscribe so that they do not receive any further communications.
7 Data storage, retention, security and location of your personal information
We (and our third-party suppliers) will take reasonable steps to protect your personal information from loss, misuse, unauthorised access, modification or disclosure. We may store your personal information in different forms, including in hard copy and digital format. We have implemented policies, procedures and systems to keep your personal information secure and prevent any data breaches.
When your personal information is no longer required by law, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner. Unless required otherwise, STS policy is to retain documentation for 7 years. This includes personal information in hard copy or digital format as well as on laptops and mobile phones when they are decommissioned.
8 Notifiable data breaches
Under the Notifiable Data Breaches (NDB) scheme, STS must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to an individual whose personal information is involved.
A data breach occurs when personal information held by STS is lost or subjected to unauthorised access or disclosure such as when:
a) a device with personal information is lost or stolen;
b) a database with personal information is hacked
c) personal information is mistakenly given to the wrong person
A notifiable data breach occurs when:
d) there is unauthorised access to or disclosure of personal information held by STS, or personal information is lost in circumstances where unauthorised access or disclosure is likely;
e) this is likely to result in serious harm to the individuals whose data has been breached; and
f) STS has been unable to prevent the likely risk of serious harm through remedial action.
STS will have a Data Breech Response Plan in place including:
a) Reporting to the OAIC through submission of the online Notifiable Data Breach form at https://forms.business.gov.au/smartforms/servlet/SmartForm.html?formCode=OAIC-NDB
b) Advice to you with recommendations about the steps you should take.
9 Access and correction
To effectively manage our relationship with you, it is important that the personal information we hold about you is complete, accurate and current. While we take all appropriate measures to ensure that your personal information is correct, you will need to advise us if your personal information changes so that we can update your personal information.
If you believe that any of the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading and needs to be corrected or updated, please contact us as detailed below. We will respond to a request to correct your personal information within a reasonable period of time. If we refuse to correct your personal information, you may request that we add a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
You may also contact us as detailed below in relation to accessing to the personal information we hold about you. We will respond to a request for access within a reasonable period of time, either by giving you access to the personal information requested, or by notifying you of our refusal to give access. If we cannot respond to you within a reasonable period of time, we will contact you and provide a reason for the delay and an expected timeframe for finalising your request.
We will not charge you an application fee for making a request to access the personal information we hold about you or for making any corrections to your personal information. We may ask you to verify your identity before responding to any request.
If we decide not to provide you with access to or correct your personal information, we will give you reasons for our decision.
10 Lodging a complaint
If you have concerns about how we handled your personal information please contact us as detailed below. Any formal complaint will need to be lodged in writing to the Company Secretary, STS by email to privacy@suitedtosuccess.org.
We will acknowledge receipt of your complaint as soon as possible and will investigate the circumstances and provide you with a response within a reasonable timeframe.
11 Contacting us
We welcome your questions and feedback about this Policy. You can contact us about our handling of your personal information or any of the matters covered in this Policy:
by post at: Suited to Success Ltd, Suite 2, 47 Anderson Street, Fortitude Valley QLD 4006
by email: privacy@suitedtosuccess.org
by phone: 07 3216 1969
12 Changes to this Policy
This Policy is approved by the STS Board and reviewed every 2 years. STS reserves the right to revise or supplement this Privacy Policy from time to time.
Any updated version of this Privacy Policy will be posted on our website http://suitedtosuccess.org and will be effective from the date of Board approval. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Policy and so you are aware of the way we handle your personal information.