Sunrise Foundation Ltd

Privacy Policy

Sunrise Foundation Ltd (“Sunrise”, “we”) is committed to handling Personal Information in a lawful manner that protects people and supports the community’s trust.

This Policy sets out the principles that Sunrise must follow when handling Personal Information, to ensure compliance with its obligations under the Privacy Act 1988 (Cth) and other applicable laws, regulations, industry standards and contractual obligations.

1.1 Purpose

This Policy, and the handling of Personal Information by Sunrise, must be consistent with the requirements of the Australian Privacy Principles, and must ensure that Sunrise:
  1. Is transparent about the way it handles Personal Information and the reasons why it is collected.
  2. Only collects, uses and discloses Personal Information if necessary to perform its functions or activities.
  3. Takes reasonable steps to keep Personal Information secure.
  4. Conducts activities in accordance with this Policy and appropriate procedures.

1.2 How Sunrise collects and uses Personal Information

  1. Personal Information is information that identifies a person (or could reasonably lead to them being identified). The Personal Information that Sunrise collects depends on the service, product, activity or program you are looking at or are participating in. Sunrise only collects the minimum amount of information needed to perform its functions and activities, meet its obligations and to support you.
  2. Some programs or services offered by Sunrise may require collection of Sensitive Information. Sunrise will seek your consent when collecting Sensitive Information.
  3. The sections below outline when Sunrise collects information, the types of information we collect, and how we use that information depending on the way you interact with Sunrise.
  4. When reading this Policy, please keep in mind that depending on how you interact with Sunrise, Personal Information may be collected over the phone, by email, by secure file sharing, via websites, via client portals, by social media, in writing or face-to-face:
    1. Directly from you.
    2. From third parties, including:
      1. Your guardian or a family member.
      2. Health professionals such as your doctor or your social worker.
      3. Government agencies, other service providers or partner organisations.
      4. Social media platforms (e.g., Instagram) or workplace giving platforms.
      5. Suppliers who provide services to Sunrise, including but not limited to, program service delivery providers, recruitment agencies, IT platform providers, police check provider and visa check provider, marketing or fundraising agencies.
    Note: If you have any questions or concerns regarding your privacy, or if you would like to make a complaint, please contact the Privacy Officer on +61 2 9159 6177 or email privacy@sunrisefoundation.com.au. For other options, please see section 1.9 of this policy.

1.3 Who Sunrise shares your Personal Information with

  1. Sunrise will take reasonable steps to ensure that Sunrise People and its contractors and Suppliers will only access your personal information on a ‘need-to-know’ basis.
  2. In some situations, Sunrise may disclose or share your Personal Information with people outside of Sunrise.
  3. Where practicable, Sunrise will explain the reasons for disclosing your Personal Information before doing so. Sunrise may share your personal information with other people if you have agreed or would expect it (or if Sunrise is required or authorised by law to share your information or if it is necessary to keep someone safe).

1.4 Remaining anonymous

You can choose to remain anonymous and not provide your Personal Information when dealing with Sunrise. However, there are some instances where Sunrise is unable to provide programs, services or opportunities to you without obtaining Personal Information to verify your identity and progress program applications.

1.5 Storing and securing Personal Information (including overseas disclosures)

  1. To ensure your Personal Information is appropriately protected, Sunrise stores Personal Information within Australia or within jurisdictions that have comparable privacy laws where practicable. Whilst principally, the IT systems and applications used by Sunrise are hosted in Australia, some applications are hosted overseas in USA, EU regulated Europe, Greece, Armenia and Japan.
  2. Sunrise may also disclose Personal Information to dedicated offshore personnel located outside Australia who it engages to provide specific support services to perform its functions and activities, in Philippines and Sri Lanka. When Sunrise discloses Personal Information to a person or entity located overseas, Sunrise will take reasonable steps to ensure that the person or entity handles your information in accordance with Australian privacy laws.
  3. Sunrise uses Suppliers to store specific types of Personal Information (such as analytics and credit card information) on its behalf. Personal Information stored by Suppliers relates directly to their functions and services and is stored in accordance with the contract with these Suppliers.
  4. Sunrise holds Personal Information in hard copy and electronic forms. Sunrise uses a range of technological, operational and physical measures to protect Personal Information, including (but not limited to):
    1. Education and training to ensure Sunrise People understand their obligations when handling Personal Information.
    2. Technological security measures, including firewalls, encryption of Personal Information during transit and at rest, anti-virus software, access controls, and multi-factor authentication (where possible).
    3. Physical security measures, such as security passes to access offices.

1.6 Retaining Personal Information

  1. Sunrise keeps Personal Information for as long as it is needed for the purpose it was collected or for another lawful purpose.
  2. Sunrise is committed to securely destroying or de-identifying Personal Information where it is no longer required for the purpose it was collected or for another lawful purpose such as record-keeping.

1.7 Accessing, correcting and deleting your Personal Information

  1. Sunrise supports your rights to:
    1. Access your Personal Information.
    2. Correct your Personal Information (where it is inaccurate, incomplete or out of date).
  2. You may also request Sunrise to delete your Personal Information. Sunrise may not be able to delete your information if it is legally or contractually required to keep your Personal Information.
  3. Please contact the Privacy Officer to request access to, correction or deletion of, your Personal Information:
    1. Email: privacy@sunrisefoundation.com.au
    2. Post: C/- Privacy Officer, PO Box R1438, Royal Exchange NSW 1225
    Note: Sunrise will only provide Personal Information to the individual which the Personal Information relates (unless you permit us or there is a lawful ability or requirement to provide it to someone else). Before processing your request, you will be required to verify your identity.

1.8 Data Incidents

  1. Sunrise will promptly investigate and respond to data incidents upon becoming aware of unauthorised access, disclosure of, or loss of Personal Information.
  2. If a data incident occurs that is likely to result in serious harm to one or more individuals, Sunrise will promptly notify people affected by the data incident and notify the Office of the Australian Information Commissioner (OAIC), in accordance with all applicable laws.

1.9 Who should you contact if you have further questions or concerns?

  1. If you have any questions or concerns regarding your privacy, you can contact the Privacy Officer by:
    1. Email: privacy@sunrisefoundation.com.au
    2. Telephone: +61 2 9159 6177
    3. Post: C/- Privacy Officer, PO Box R1438, Royal Exchange NSW 1225
  2. If you are not satisfied after asking a question, raising a concern or complaint with the Privacy Officer, and you want to escalate your concern, you should do so in writing addressed to the attention of the Charity Manager by email to info@sunrisefoundation.com.au or post to Charity Manager, PO Box R1438, Royal Exchange NSW 1225.
    Note: The Charity Manager may take any steps that they determine are appropriate in the circumstances (including referring the matter to a committee of the Board) or deciding not to take any further action.
  3. While Sunrise prefers to receive, assess, and respond to any privacy concerns directly to enable us to assess and take appropriate corrective action as quickly as possible, if you believe that Sunrise has not adequately handled your privacy complaint, you may complain to the Office of the Australian Information Commissioner (OAIC).
    Note: The Charity Manager may take any steps that they determine are appropriate in the circumstances (including referring the matter to a committee of the Board) or deciding not to take any further action.

1.10 Definitions

  • Sunrise

    Sunrise Foundation Ltd, and for the purposes of this Policy. References to “we” in this Policy refer to Sunrise.

  • OAIC

    Office of the Australian Information Commissioner

  • Personal Information

    Has the same meaning as defined in the Privacy Act 1988 (Cth), being information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not, and whether it is recorded in a material form or not (i.e., in writing).

  • Sunrise People

    As the context requires, all employees, volunteers, and members of Sunrise.

  • Sensitive Information

    Has the same meaning as defined in the Privacy Act 1988 (Cth), being:

    • Information or an opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs for affiliations, philosophical beliefs, membership of a professional or trade associations, membership of a trade union, sexual orientation or practices, criminal record
    • Health information about an individual
    • Genetic information about an individual that is not otherwise health information
    • Biometric information that is to be used for the purposes of biometric verification or biometric verification
    • Biometric templates

  • Supplier

    Third party suppliers including program delivery suppliers engaged by Sunrise to provide services to or on behalf of Sunrise.

Download document

Enter your email before downloading this document

Compare