Bloom Asia | ABN: 84 612 800 772
This policy applies to Bloom Asia including its overseas offices in Cambodia and the Philippines.
We do not sell your data to third parties. Bloom Asia treats all information collected as if it were private. We do not sell the information to anyone, including other charitable organisations that assist families or individuals, and we do not use your data for our own purposes, except as outlined in this policy.
We may share some data with trusted service providers in order to manage and improve our services. We may from time to time use a number of third-party service providers; for example, we may use Google Analytics to track visits to our websites, or Facebook Pixel to track the effectiveness of our posts. These service providers are located outside of Australia and therefore the data we pass to them will be processed outside of Australia.
Data is stored on servers located in Australia and in the cloud, therefore data collected by us is stored on servers located in Australia and in the cloud.
We will comply with all Australian laws. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also need to access data to prevent potentially illegal activities and to screen for undesirable or abusive activity. For example, we have an automated virus scan that checks all file attachments.
In the event of a data breach or privacy incident, we will follow the requirements under the Notifiable Data Breaches Scheme. At Bloom Asia, we are committed to best practice data management across the information life cycle. In the event of a data breach, Bloom Asia will take immediate steps to contain the breach, assess the breach, remedy the breach and, if necessary, revise any data policies or processes to ensure similar issues do not arise in the future.
‘Bloom Asia, ‘we’, ‘us’ and ‘our’ mean the organisation carrying on business under the name Bloom Asia, including Bloom Raintree and Bloom Life Training Philippines;
‘Personal information’ means any information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information;
‘Sensitive information’ is a subset of personal information and means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information, including “sensitive information” as defined in the Privacy Act 1988 (Cth).
WHO DOES THIS POLICY APPLY TO?
Bloom Asia services and its website (bloomasia.org) may be used by a wide range of groups and individuals. These include but are not limited to staff, volunteers, donors, social services, beneficiaries, suppliers and members of the public. The privacy provisions in this policy apply to all service and website users.
We will not share your data with another party, except where we are legally compelled to provide it to a third party (e.g. provide information set out in a valid subpoena to authorities during the investigation of a criminal offence), or
We have engaged a trusted service provider to assist us with a particular transaction (e.g. provision of a donation software platform for fundraising appeals or a financial institution for payment processing).
We will never sell your data to a third party.
Generally, we use the information we collect from you only in connection with providing our services. However, there are some other limited uses, as listed below.
HOW IS THIS PERSONAL INFORMATION COLLECTED?
Generally, we collect your personal information from you directly. Bloom Asia collects personal information in a number of ways including:
- through our website (including when an individual chooses to donate through the Bloom Asia website or subscribes electronically to publications);
- when individuals correspond with us (including by letter, email or phone);
- in person.
Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information when you donate to us via a third party. We may also collect personal information about you from your use of our website and information you provide to us through contact mailboxes or through the registration process on our websites, Twitter or Facebook.
If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information.
WHAT PERSONAL INFORMATION DOES BLOOM ASIA COLLECT FROM INDIVIDUALS?
The kind of personal information that Bloom Asia collects about individuals depends on the type of dealings they have with Bloom Asia. For example, if a person:
- Donates items to Bloom Asia: Bloom Asia may collect their name, organisation, and contact details.
- Donates money to Bloom Asia: Bloom Asia will collect their name, organisation, contact details, the amount and frequency of their donation, and hold records relating to their donation, including payment and billing information.
- Purchases items from the Bloom Asia website: Bloom Asia will collect their name, organisation, contact details, shipping address, the items purchased and payment and billing information.
- Registers for Bloom Asia newsletters and exclusive offers: Bloom Asia may collect their name, organisation, contact details and details about the registration.
- Sends Bloom Asia an enquiry: Bloom Asia may collect their name, contact details and nature of the enquiry.
- Makes a complaint: Bloom Asia may collect their name, contact details, the details of their complaint, information collected in any investigation of the matter and details of the resolution of the complaint.
- Applies for a job or volunteer role at Bloom Asia: Bloom Asia may collect the information of individuals included in their application, including their cover letter, resume/ CV, contact details and referee reports, their tax file number and other identifiers used by government entities or other organisations to identify individuals, information from police checks, working with children checks (or similar), and information about their right to work in Australia or overseas.
Bloom Asia must only collect sensitive information where it is reasonably necessary for its functions or activities and either:
- the individual has consented; or
- Bloom Asia is required or authorised by or under law (including applicable privacy legislation) to do so.
If an individual does not wish to provide their personal information to Bloom Asia, in general, it will not be possible for Bloom Asia to deal with an individual in this way. The exceptions being individuals not identifying themselves or using a pseudonym when:
- Receiving services or assistance from Bloom Asia;
- donating goods to Bloom Asia directly or through another party;
- dealing with Bloom Asia (when viewing the Bloom Asia website or when making a general phone enquiry); and/or
- donating money to Bloom Asia - but in these circumstances, Bloom Asia may not be able to issue a tax-deductible receipt.
WHY DOES BLOOM ASIA COLLECT PERSONAL INFORMATION?
The main purposes for which Bloom Asia collects, holds, uses and discloses personal information include:
- to provide services or assistance to individuals and/or their family
- to maintain contact with our volunteers
- for administrative purposes
- for purposes of organising collections of donations
- to request for, and send thanks for, the donations of financial gifts, goods or services
- to respond to requests for material aid from social service agencies
- for the engagement of service providers, contractors or suppliers relating to the operation of our organisation, or
- for other organisational purposes.
Bloom Asia may also use your personal information for the purpose of emailing you our newsletters or posting you a thank-you note.
If you donate money or goods in kind we may add you to our email distribution list, so that you receive updates and reports on the impact of your giving and other opportunities to support again. We may also use your personal information to send direct marketing messages or conduct telemarketing related to the activities of Bloom Asia.
If you are a recipient of material aid from Bloom Asia your details will not be added to our email distribution list.
If you do not want to receive any communication from us, please contact us at [email protected]. You can also use the unsubscribe function to opt out of our electronic communications. If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing the material aid required.
HOW DOES BLOOM ASIA STORE MY PERSONAL INFORMATION AND IS IT SECURE?
Bloom Asia holds personal information in a number of ways, including in hard copy documents, electronic databases, and email contact lists.
We take reasonable steps to:
- ensure the personal information that Bloom Asia collects and uses is accurate, up to date and (in the case of use) relevant;
- protect the personal information that is collected from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs, subject to other legal obligations and applicable retention requirements.
While Bloom Asia will endeavour to always exercise due care in collecting and using personal information, it cannot guarantee that unauthorised access to individuals’ personal information will not occur. In the event of a data breach or privacy incident, Bloom Asia will follow best practice processes and ensure that the breach is contained and remedied and any policies and processes are updated if necessary. Further details on Bloom Asia’s approach are set out in the section below.
Bloom Asia takes the following steps to secure the personal information that it collects:
- website protection measures (including encryption, firewalls and anti-virus software);
- security restrictions on computers and electronic data access (including login and password protection);
- operational processes aimed at minimising the risk of a data breach (secure cabinets for hard copy documents, encrypted USBs etc...)
- controlled access to Bloom Asia premises; and
- related policies on data governance and processes relating to information security (including restricting the use of personal information to Bloom Asia employees or volunteers).
WHAT STEPS DOES BLOOM ASIA TAKE WHEN THERE IS A DATA BREACH OR PRIVACY INCIDENT?
A data breach or privacy incident may result from unauthorised people accessing/disclosing, changing, losing or destroying personal information. Examples of situations where a data breach or privacy incident may occur include:
- accidental download of a virus on to a Bloom Asia computer;
- discussing or sharing of personal information on Facebook;
- non-secure disposal of hard copies of personal information (e.g. not keeping hard copies in secure cabinets or not disposing of them in a secure bin/shredder);
- leaving an unlocked smart phone on public transport.
A data breach or privacy incident can occur due to human error or technical failures, can be accidental or deliberate and can apply to information in a number of forms (e.g. electronic as well as hard copy).
In the event of a data breach or privacy incident, Bloom Asia will respond in the following way which is in line with the Notifiable Data Breaches Scheme in the Privacy Act 1988 (Cth):
- the breach/incident will be identified and reported to the Privacy Officer(s) at Bloom Asia;
- the breach/incident will be contained so further access/disclosure/loss etc will not arise;
- the seriousness of the breach/incident will be assessed between the relevant personnel together with the Privacy Officer(s) at Bloom Asia;
- regardless of the seriousness of the breach or incident, remedial action will be taken to reduce any potential harm to individuals;
- in cases where serious harm is likely, Bloom Asia will notify the relevant individuals, the OAIC, and issue a public statement that will be made available on its website;
- following each breach/incident, Bloom Asia will conduct a review of policies and processes and make any adjustments to avoid further breaches and incidents of a similar nature.
Cookies: “Cookies” (i.e. small text files placed on your computer when you first visit the site) are used on Bloom Asia websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. Cookies are primarily used to enhance your online experience. If you visit our website to read or download information, such as news stories or articles, much of the information we do collect is statistical only (e.g., the domain from which you access the internet, the date and time you access our site, and the internet address of the website from which you linked directly to our site) and not personally identifiable. We use this information about the number of visitors and their use of the sites in aggregate form to make our sites more useful and attractive to you.
Google Analytics and Facebook Pixel: Bloom Asia uses these tools on its website and social media pages to track the effectiveness of its content. These tools allow us to provide measurement services and target content.
Links to third party websites: The Bloom Asia website may contain links to third party websites, including sites maintained by businesses who provide us with financial support and donations for goods-in-kind. Those other websites are not subject to our privacy policies and procedures. You will need to review those websites directly to view a copy of their privacy policies. Bloom Asia does not endorse, approve or recommend the services or products provided on those third-party websites.
WHO CONTROLS THE DATA AND HOW DO I ACCESS IT OR CORRECT IT?
A data controller means the legal entity or person with the right to make decisions regarding the purposes, and the methods, of processing data. This includes the security measures concerning the operation and use of the data.
Where Bloom Asia is the data controller, you can request access to the personal information we hold about you, or request that we change that personal information to correct it if you believe it is inaccurate, incomplete or not up-to-date.
We will allow access or make the changes to the personal information within a reasonable timeframe, unless we consider that there is a sound reason under any relevant law to withhold the information, or not make the changes.
If we do not agree to make your requested changes to personal information, you may make a statement about the requested changes and we will attach this to the record.
If you wish to have your personal information deleted, please contact us and we will delete that information wherever practicable.
You can obtain further information about how to request access or changes to the information we hold about you by contacting us (see contact details below).
DOES BLOOM ASIA DISCLOSE INFORMATION TO SERVICE PROVIDERS OR PEOPLE OUTSIDE OF AUSTRALIA?
Bloom Asia uses a small number of service providers to handle specific types of data that we collect. Some of these service providers are located outside Australia and use servers outside Australia and/or in the cloud, including Facebook and Google, which are both based in the United States.
HOW TO CONTACT US OR MAKE A COMPLAINT
Email: [email protected]
Phone: +61 411 278 019
Letter: Attention Privacy Officer, Bloom Asia, PO Box 1639 Sunnybank Hills Qld 4109, Australia.
We will respond to your request usually within 48 hours and, at a maximum, within 30 days of receiving it, and treat seriously any claims of privacy breaches.