This Privacy Policy explains how the Foundation for Young Australians (ABN 26 092 744 968) (FYA) collects, uses, discloses and otherwise handles personal information and your rights in relation to the personal information we hold about you.

We aim to be open and transparent in how we manage personal information. If you have any questions about this Privacy Policy or feedback on how we might improve it, please contact us on the details below. You can also request a hard copy of this policy using the details below.

Contacting us

Privacy Officer
Foundation for Young Australians
Mail: GPO Box 239, Melbourne, Victoria 3001
Telephone: +61 3 7046 3837

Collection of personal information

What is personal information?
‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

What kinds of personal information do we collect and hold?
We collect and hold a range of personal information necessary to carry out our activities and functions. The kinds of personal information that we collect and hold about you will depend upon the nature of our relationship with you.

The personal information we typically collect includes:

  • personal details (such as your name, age, date of birth, gender, the educational institution you attend and your school year level);
  • contact details (such as your phone number, email address, postal address, post code);
  • your image (such as photos and video recordings);
  • any languages other than English that you may speak; and
  • other personal information that you provide to us (such as when you respond to an invitation to attend an event).

For our employees and volunteers, we may collect additional relevant information including:

  • information contained in resumes;
  • educational details, academic and other transcripts, employment history, skills and background checks;
  • references from past employers and referees;
  • information collected during the interview or assessment process; and
  • personal information required to make payments, such as bank account details, tax file number and superannuation details.

If you are an employee, contractor or representative of an organisation or educational institution that we deal with, we may also collect:

  • your job title or details of your role within the organisation;
  • your contact details at the organisation (such as your office phone number or email address); and
  • any other information necessary to manage and administer our relationship with you as a representative of your organisation or institution.
What is sensitive information?

Some personal information, such as information relating to racial or ethnic origin, religious beliefs or affiliations, health information (including mental health information and information about a disability), genetic information and whether or not you have a criminal record is sensitive and requires a higher level of protection. We will only collect your sensitive information if we have your consent and the collection is reasonably necessary for us to carry out one or more of our functions or activities.

What kinds of sensitive information do we collect and hold?

If you participate in one of our programs, events or workshop we may collect the following sensitive information:

  • health information (such as medical history, dietary requirements, allergies, medication requirements, medical diagnoses, medical plans (such as for asthma, epilepsy or anaphylaxis), your Medicare number, Health Care Card details, private health insurance details and ambulance membership).
  • racial or ethnic origin, religious beliefs or affiliations, country of birth or Aboriginal or Torres Strait Islander heritage; and
  • political opinions or association.

For our employees, contractors and volunteers, we may collect sensitive information such as:

  • membership of a political, professional or trade association or trade union,
  • criminal record and
  • health information (such as medical history, dietary requirements, allergies, medication requirements, medical diagnoses, medical plans (such as for asthma, epilepsy or anaphylaxis), your Medicare number, Health Care Card details, private health insurance details and ambulance membership.

What if you don’t provide us with your personal information?

In some circumstances, we allow individuals the option of not identifying themselves, or of using a pseudonym, when dealing with us (for example, when viewing our website or making general phone queries). Donations may also be made anonymously, but in this case, FYA may not be able to issue a tax-deductible receipt.

The nature of the business carried on by FYA means that, generally, it is not possible for us to deal with individuals or organisations in an anonymous way.

How we collect personal information

We usually collect personal information directly from you. We may also collect personal information from your teacher, parent or guardian if you are under the age of 18.

We will usually collect personal information from you (or your parent, guardian or teacher) when you:

  • access and use any of our websites or social media platforms;
  • communicate with us through correspondence, email, chat or other online forms;
  • register for any of our programs, events or workshops;
  • if you provide us with your business card at an event or otherwise provide your personal information to us in person; or
  • participate in research or evaluation discussions, interviews or focus groups that we run.

Sometimes we will collect personal information about you from a third party, these third parties may include:

  • your school or educational institution;
  • your employer or another representative of your organisation;
  • research organisations;
  • service providers;
  • government agencies
  • law enforcement bodies;
  • publicly available records;
  • recruitment agencies; and
  • social media (such as Twitter, Facebook, YouTube, Instagram).

How we hold personal information

We hold personal information in hardcopy files and in electronic form, and take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.

We may hold your information in either electronic or hard copy form. When we no longer need your personal information, we will either securely destroy it, or irreversibly anonymise the data (and we may further retain and use the anonymised information).

We store hardcopy files in offices and cupboards within an access controlled premises. We also store hardcopy files with an offsite storage provider whose premises is monitored by CCTV and access is strictly controlled.

We store electronic records within our own secure network and through third party data storage providers. Personal information within our network is password protected and access is appropriately limited.

Our third party data storage providers are required to protect personal information in accordance with applicable laws and take appropriate technical and organisational measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage.

The purposes for which we collect, hold, use and disclose personal information

General purposes

We collect, hold, use and disclose personal information for the purposes for which it was collected, related purposes, and other purposes including:

  • maintaining, managing and developing our relationship with educational institutions, government entities, partners, sponsors, stakeholders, other not for profit organisations and other young people;
  • organising, marketing and running our programs, workshops and events (including competitions and promotions run by us);
  • to enable you to use our websites and social media channels;
  • assessing and considering applications from prospective employees, contractors, volunteers and service providers;
  • developing and managing relationships with our employees, contractors, volunteers and service providers;
  • contracting out some of our functions to external service providers and suppliers (such as IT, mailing and couriers, research, event management, accommodation, travel, professional advisors and recruitment); and
  • complying with our legal and regulatory obligations.

Marketing purposes

We like to keep young people and our supporters informed about the work we do. If you provide your contact details to us we will add you to our mailing list and let you know about upcoming programs, events and workshops. These communications may be sent in various forms, including mail, email, social media content and SMS.

We will only send you these communications if you would reasonably expect to receive them or you have consented. You may opt-out of receiving communications from us at any time by contacting us or by using the opt-out (unsubscribe) mechanism provided in the communication.

Research purposes

We conduct research into challenges facing young Australians. We also evaluate our programs, events and workshops and publish the results. Sometimes we conduct research and evaluation ourselves and sometimes we engage professional research organisations to conduct it on our behalf.

If you provide personal information to us in connection with one of our programs, events or workshops, we may use that information in our research and evaluation. This includes publishing non-personally identifiable information and statistics about our research and evaluation of our programs, events or workshops.

If you provide your contact details to us, we may also contact you to ask you if you would like to participate in our research or evaluation surveys.

Who do we disclose your personal information to?

The nature of the services provided by FYA means that it is often necessary for us to disclose your personal information to other parties. We will ordinarily let you know who we will disclose your personal information to, when we collect the information from you (unless there are practical reasons for not informing you).

Common third parties we might need to disclose your personal information to include:

  • to our employees, volunteers, contractors or service providers;
  • to our sponsors, partners, stakeholders and collaborators who helps us to provide our programs, events and workshops;
  • to your parents, guardian, teacher, school or educational institutions;
  • to police, fire, medical and other emergency personnel in the event of an emergency involving you;
  • to professional research bodies whom we have engaged to conduct research or evaluate one of our programs, events or workshops; and
  • to our professional advisers (including lawyers, accountants, business advisors and consultants).

Overseas disclosures of personal information

We may disclose personal information to external service providers located overseas so that they can provide us with services in connection with the operation of our business, such as IT services and data storage.

The countries in which these overseas recipients may be located are the United States of America, the United Kingdom, Chile, Taiwan, Singapore, Japan, Finland, Belgium, Ireland and the Netherlands.

If you apply to us for employment, and have lived or worked overseas, we may disclose your personal information to overseas recipients for the purposes of gathering information to assess your application. If you have previously worked for us, and provide our details to a prospective employer or recruitment agency located overseas, we may disclose your personal information to that entity to assist them to assess your application.

Aside from the purposes set out above, we will generally not disclose personal information to overseas recipients unless we have obtained your prior consent to do so.

Accessing and correcting the personal information we hold

You can request to access the personal information we hold about you. We will take reasonable steps to provide you with access to your personal information.

If you think any personal information we hold about you is incorrect, you can request that we correct that information. We will take reasonable steps to correct your personal information if we are satisfied that it is inaccurate, out of date, incomplete, irrelevant or misleading.

Requests to access and correct your information should be made by email, post or phone using the details provided under the ‘Contacting Us’ heading. Note that we will need to verify your identity before processing your request. We will endeavour to respond to your request within 30 days.

You can also request to have the personal information we hold about you deleted. We will take reasonable steps to do so.

How to make a complaint

If you have a complaint about how FYA has collected or handled your personal information, please contact our Privacy Officer using the details provided under the heading ‘Contacting Us.’

Please include your name, an outline of your complaint and an email or postal address so that we can write back to you. We will treat your complaint confidentially and respond within a reasonable time.

If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Privacy Commissioner, the New South Wales Privacy Commissioner or the Victorian Health Services Commissioner.

Additional information for residents of the European Union

If you are a resident of the European Union for the purposes of the General Data Protection Regulation (GDPR), then in addition to what is set out above, the following applies to you.

FYA is a data controller for the purposes of the GDPR and by your consenting to this Privacy Policy FYA is able to control your Personal Data in accordance with this Privacy Policy. Our Contact details are set out under the heading ‘Contacting Us’.

In providing services to you, FYA may make use of a number of automated processes using your personal information and your activity on our website as tracked by us, in order to provide more tailored and relevant services to you such as providing tailored content to you through email communication, and on the website.

In addition to your rights set out above, you may:

  • withdraw your consent to FYA’s use of your personal information as described in this Privacy Policy by getting in contact with us and by opting out of our direct marketing by using the opt-out mechanism. FYA will take reasonable steps to ensure that the personal information we hold about you is deleted;
  • request that FYA provides you with a copy of the personal information FYA holds about you in a portable and machine readable form; or
  • request that FYA erases the personal information it holds about you.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

Should you have any concerns in relation to FYA’s collection and/or processing of your personal information, then in addition to the process set out under the heading “How to make a compliant” you have the right to complain to a supervisory authority (within the meaning of the GDPR).

Changes to our privacy policy

From time to time it may be necessary for us to review and revise our Privacy Policy. We may notify you about changes to this Privacy Policy by posting an updated version on our website. We encourage you to check our website from time to time to ensure you are familiar with our latest Privacy Policy.