Privacy Policy | Iramoo Community Cen

Introduction

Iramoo Community Centre is committed to protecting the privacy of personal information collected, held, and administered by the organisation. Personal information is any data that directly or indirectly identifies an individual. This policy applies to all Committee of Management members, staff, volunteers, and community members interacting with the Centre.

Purpose

The purpose of this policy is to provide a clear framework for handling personal information in accordance with:

Privacy and Data Protection Act 2014 (VIC)
Health Records Act 2001
Privacy Act 1988

Our goal is to ensure personal information is collected, stored, used, and disclosed responsibly while maintaining trust with our community.

Collection and Use of Personal Information

Iramoo Community Centre collects and manages personal information for the following purposes:

Community Programs
- Information collected: contact details, residential address, medical details, and photo consent.
- Purpose: to coordinate programs, ensure participant safety, and share community announcements.
Children’s Services Programs
- Information collected: family contact details, residential address, medical details, and photo consent.
- Purpose: to safely coordinate programs for children.
Venue Hire
- Information collected: contact details, photo ID, bank details.
- Purpose: to manage facility bookings and usage.
Mailing Lists
- Information collected: addresses and email addresses.
- Purpose: to distribute Centre notices and updates.
Employee Records
- Information collected: contact and residential details, medical, bank, superannuation, tax details, and qualifications.
- Purpose: to manage employment, salaries, entitlements, and workplace safety.
Website and Social Media
- Information collected: contact details and photos (with consent).
- Purpose: to promote programs and events and support community engagement.

Principles for Managing Personal Information

Iramoo Community Centre commits to:

Collecting only information necessary for our primary functions.
Informing individuals why their information is collected and how it will be used.
Using personal information only for its primary purpose or with consent.
Never selling or disclosing personal information without permission.
Not sharing personal information with overseas entities.
Storing personal information securely to prevent unauthorised access.
Providing access to individuals to review or update their information.
Safely destroying information that is no longer required.

Confidentiality Obligations

All staff and Committee of Management members must:

Maintain confidentiality of personal and sensitive information.
Not use information for personal gain or share with unauthorised parties.
Ensure that media statements or public disclosures are authorised.
Protect confidential information even after leaving the Committee or staff role.

Special care is taken with information relating to children, families, and program participants.

Data Breach Procedures

A data breach occurs when personal information is lost, stolen, or accessed without authorisation. Examples include:

A lost or stolen device containing personal information
A hacked database
Personal information mistakenly given to the wrong person

If a breach occurs, the Centre follows the Office of the Australian Information Commissioner (OAIC) four-step guide:

Contain – Stop further breaches and preserve evidence.
Assess – Evaluate the breach, its risks, and take immediate mitigation measures.
Notify – Inform affected individuals and, if required, the OAIC.
Review – Identify and implement measures to prevent future breaches.

Notifications to affected individuals include guidance on steps they should take in response to the breach.

Responsibility

It is the responsibility of the Committee of Management, staff, and volunteers to follow this policy at all times.