KCLS recognises the importance of protecting your privacy, and is committed to upholding our responsibilities under the Privacy Act 1988 and the Australian Privacy Principles. This policy sets out what personal information KCLS gathers and how it is used.
What is "personal information"?
"Personal information" is information that identifies or can be used to identify an individual, whether the information is true or not and regardless of how it is collected.
Examples of personal information include a person's contact details, their ethnicity, political or religious affiliations or beliefs, memberships, and health and criminal records.
Personal information that we collect and why we collect it
KCLS collects personal information to:
- deliver legal and support services to our clients;
- comply with legal and contractual obligations, such as requirements by government funding bodies to report information;
- provide information and engage with our members and supporters;
- participate in collaborative advocacy and reform projects; and
- operate our service generally, for example by employing staff, operating accounts and collaborating with other organisations.
The types of personal information that KCLS collects include:
- Information for identification purposes, such as names, dates of birth, driver’s license numbers and contact details (including address, phone numbers and email addresses).
- Information about our clients needed to assess eligibility for our services and to deliver those services. This includes a wide range of information including, depending on the client's circumstances, demographic and family details, living arrangements, financial and health details, bank accounts and Centrelink details, and facts related to the client's legal matter and/or support needs. All information about our client's is kept strictly confidential, and is covered by our professional duty as a legal practice to maintain confidentiality for our clients.
- Information about employees, volunteers and others involved in our organisation and operations. This may include, for instance, information needed for payroll, other human resource records, and personal contact information.
- Information about donors and supporters, including contact details and banking/credit card details. All payment card details are handled in strict compliance with the Payment Card Industry Data Security Standard.
Some of this information is highly sensitive, such as details about court proceedings or health and financial records. We only collect this information with your consent and will only use this information for the reasons we have explained.
You may choose not to provide us with personal information. However, without all the information we need, we may not be able to provide you with the full range of services you require or are eligible for.
We may send you direct marketing communications and information about the work we do. This may be done by telephone, post, email or SMS. We will endeavour to use the method that you most prefer and, at any time, you may opt-out of receiving marketing materials by contacting us.
How we collect personal information
We generally collect your personal information from you directly, for example, when you fill in an application form or when we meet with you. Sometimes it may be necessary for us to collect your personal information from a third party, for example, from Centrelink or a support agency, or from external organisations that assist us with fundraising. We will always seek a client's consent before collecting information from third parties.
We may also collect personal information about you from your use of our websites and information you provide to us through online requests, surveys, petitions or other online platforms.
How we hold personal information
We may store your personal information in hard copy or electronic format, in storage facilities that we own and operate ourselves, or that are owned and operated by third parties. We take all reasonable measures to ensure the privacy and security of your information, including physical and technical security controls, such as locks, passwords and restricted access.
When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However, most of the information stored in client files will be kept by us for a minimum of 7 years.
When we might disclose personal information
We may share your personal information to others in the following circumstances:
- When you as a client have provided consent for information to be shared, such as to support agencies, someone representing you, because you have applied for some service or benefit, or in the process of legal proceedings.
- When we are required to do so by law.
- Where you have consented to the disclosure.
- When we have strong reason to believe that you or another person is in serious and imminent harm.
- When necessary for the purpose for which the information was collected - for example, providing your information to a financial institution where necessary to process a donation you have agreed to make to us.
When we do share your personal information, we will endeavour to ensure that the recipients are under an obligation to maintain the confidentiality of that information as appropriate.
We will not provide your personal information to other organisations for the purposes of direct marketing for other organisations.
Gaining access to personal information we hold
You may request access the information that we hold about you and correct any errors by contacting us. We will respond to your request in a timely manner, no later than 30 days after the request is made. In some cases, we may be legally obliged to restrict access. We will not charge a fee for responding to a request to access your personal information.
We will take reasonable steps to make sure that your personal information is accurate and up-to-date. If you find that any information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records.
Making a complaint
If you have a privacy complaint, you may contact us directly and the matter will be responded to promptly. You are also able to lodge a complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au).
This policy may change from time to time and is available on our website.