Privacy Policy

MCM uses personal information to carry out its functions and activities which includes donations, to comply with legal obligations and to help us manage and provide our services.

The types of personal information we collect may include your name, date of birth, gender, contact information, credit/debit card information, health information and other information about your history with, or relationship to MCM and the circumstances which lead you to use our services.

MCM complies with the Australian Privacy Principles (APPs), which are part of the Privacy Act 1988 (Cth). MCM is also bound by the Privacy and Data Protection Act 2014 (Vic) (PDPA) and the Information Privacy Principles (IPPs) made under the PDPA and the Health Privacy Principles (HPPs) made under the Health Records Act 2001 (Vic).

We collect personal information from individuals who are connected to our operations and activities – including people who use our services, employees, job applicants, donors, volunteers, sponsors, health professionals, suppliers, and service providers.

MCM will take reasonable steps to keep personal information secure and will, subject to the APPs, comply with a request from a person to access, correct or remove their information.

Where MCM engages an external organisation to assist it, MCM will ensure that the external organisation will only use the personal information collected in line with this policy and the APPs. MCM allows individuals to act anonymously where it is practical and lawful to do so. For example, MCM will accept anonymous donations, however provisions contained in taxation legislation require us to collect the name of the donor if the donor requires a tax-deductible receipt.

How we collect and store personal and sensitive information varies depending on the purpose for which it is collected. We may collect your personal information as follows:

• Directly from you, either in person, over the phone or by email;
• from third parties where you have specifically authorised us to do so; and
• through our website including through forms on our website.

MCM websites may use cookies to track site visits, your navigation experience, and items added while using the online shopping or donation facilities. If you are concerned about the use of these cookies, your browser can be configured to notify you when you receive a cookie, and provide you with the opportunity to accept or reject it.

You may refuse all cookies from MCM websites however some functions may be unavailable. Our online credit card processing company may also use cookies for identification and anti-fraud purposes.

MCM will always collect your personal information directly from you unless it is impracticable to do so. This is usually be done in person, over the telephone or by email. Examples may include:

• copies of your written correspondence with us;
• copies of receipts and/or transaction records in relation to your financial support of our fundraising activities;
• copies of your application form, request for assistance and/or other associated documents (including documents generated during your participation in a program with, or otherwise during your interactions with us) and information that you may provide to us in relation to one of the many services and programs we offer:
• copies of your volunteer agreement or employment agreement and any associated documents; and
• information you provide to us in connection with your volunteering for or employment with MCM.

We may keep copies of the above documents (in physical and/or electronic form, at our election) as is necessary to carry out our functions and provide our services and programs. All personal and sensitive information is securely stored at all times by us or an authorised external service provider and only authorised people will have access to the above documents and information.

If you are applying for employment with MCM we may collect and process information about you such as employment history, qualifications, residency status, background check and other information required as part of the recruitment process. In that regard, we may also collect sensitive information or special categories of data such as health or medical information, racial or ethnic origin, and criminal convictions. You acknowledge and give your consent for MCM to collect, store, use, process and disclose any such information and personal data for the purpose of assessing your application for employment with MCM.

Generally, the purpose of us collecting your data as part of the recruitment process is to enable us to facilitate safe recruitment and to determine suitability for the role. If you fail to provide certain information when requested, we may not be able to take the steps to enter into a contract with you (for example if incorrect references are provided), or we may be prevented from complying with our legal obligations (such as evidence of right to work).

MCM will only use your personal information for the purposes for which it was collected, unless we reasonably consider that we need to use it for a secondary purpose, and that purpose is related to the original purpose. If we need to use your personal information for an unrelated secondary purpose, we will notify and seek your consent. How long we retain your information will depend on whether your application is successful you then become employed by us, the nature of the information concerned and the purposes for which it is processed.

As part of administering our services, we may collect health information and other sensitive information. For example, we may collect medical history information from you, if you are using particular services, participating in a specific activity or volunteering. We may also require information via a police or working with children check if you are volunteering for various programs.

MCM may collect, hold, use and disclose personal and sensitive information for purposes necessary to carry out our functions and provide our services and programs. Generally, these purposes include:

• to keep in contact with you as a supporter of MCM and to inform you about the role and extent of our work and mission;
• to manage our fundraising activities and for taxation record-keeping purposes associated with your donation to MCM;
• to assess your welfare needs and to provide you with the welfare and community services and assistance we offer;
• to provide you with the necessary care and assistance during your time as a resident of, or recipient of services from one of our services, centres or facilities (such as aged care centres, recovery services, crisis accommodation services, etc.);
• to provide you with the services requested by you from us;
• to comply with necessary business and accounting standards;
• to comply with our reporting obligations to the Australian Taxation Office and other government agencies and public sector bodies;
• to facilitate and manage your employment relationship or volunteer arrangement with MCM;
• support services, to provide you with information and support services, and to evaluate and report on these services
• health promotion - to provide you with information about homelessness and other health factors that may impact on homelessness such as mental and physical health issues;
• marketing, in order to communicate with you about services, donations, products, services, campaigns, causes and events;
• statistics so we can better understand the demographics of our clients, supporters, volunteers and donors in order to provide the most relevant information in the most appropriate manner;
• to provide you with information about projects, and to evaluate and report on these services via feedback from participants and stakeholders;
• to carry out internal functions including administration, training, accounting and auditing;
• to comply with our external auditing obligations;
• to enable you to assist us with volunteering, community fundraising, advocacy and other activities where we seek the community’s assistance; and
• to communicate with you in relation to our operations, activities and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.

We may use personal information (including some sensitive) information to generate aggregated statistical data for the purpose of reporting to Government agencies and to plan for improvements to our services. We take reasonable steps to ensure that the information we report to Government agencies is de-identified and aggregated, so that the statistical data and reports cannot be used to identify you.

MCM is committed to maintaining your privacy and we will only use your personal and sensitive information for a permitted purpose for which we have collected the information. There is no obligation for you to provide us with any of your personal information however if you choose not to provide us with your personal information, we may not be able to provide you with the services that you require.

You have the option of not identifying yourself or using a pseudonym when dealing with us in relation to a particular matter, unless we believe it is impracticable to do so in the circumstances. If you wish to deal with us in this manner, you must tell us in writing so that we can consider if your request is practicable.

Under the APPs, you have the right to deal with us on an anonymous or pseudonymous basis. This means that you do not need to provide us with personal information if and when we request that information.

In order to carry out our functions and provide our services and programs, we may need to disclose your personal and sensitive information to external service providers. This may include:

• External support services: to healthcare professionals, other professionals, counsellors, service providers, agencies that provide support services. Your personal Information will only be provided with your expressed permission;
• Contractors and service providers who perform services on our behalf, such as mailing houses, printers, information technology services providers (including offshore cloud computing service providers), and database contractors. The information we share with these will not be stored, used or shared by those parties; and

• MCM Board members, staff and relevant program managers who may need to contact you to update your information, arrange volunteer opportunities or provide receipts for donations and supporter activities.
  

We will only share your personal and sensitive information in accordance with your express consent and instructions, subject to the exclusions set out in the APP’s. We do not supply our database information to other marketing organisations not acting on our behalf.

We take all reasonable steps to protect all of the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information stored electronically will be stored securely either on our database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.

Except as otherwise permitted or required by applicable law or regulation, MCM only retains personal data for as long as necessary to fulfil the purposes they collected it for, as required to satisfy any legal, accounting or reporting obligations, or as necessary to resolve disputes.

To determine the appropriate retention period for personal data, MCM considers the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for processing the personal data, whether we can fulfil the purposes of processing by other means and any applicable legal requirements.

Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised persons.

Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information and we take reasonable steps to protect the privacy and security of that information.

MCM takes reasonable steps to ensure that any third party to which we disclose personal information collected from or about an individual takes steps to protect the personal information so disclosed and to destroy or to de-identify the information when the information is no longer required.

When we take steps to destroy or to de-identify personal information that is no longer required for the purpose(s) for which the information was collected, we will take reasonable steps to destroy or to de-identify the information in a secure manner.

Your direct debit or credit card information

We use Secure Socket Layer (SSL) certificates which is the industry standard for encrypting your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.

MCM undertakes Privacy Impact Assessments (PIAs) as part of our risk management strategy in order to assess whether it is safe to proceed to the implementation phase of a new project, activity, initiative or application. We also undertake PIAs if changes are made to the way we collect, use, store or dispose of personal information.

Most personal information held by us is stored in our systems, including donor management information systems, HR management systems, finance systems and records management systems.  Some of these systems may be externally hosted or managed.

Generally, personal information will be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will take reasonable steps to ensure the personal information we hold about you is accurate, up-to-date, complete, relevant and not misleading.

You can request access to the personal information we hold about you at any time by contacting MCM’s Privacy Officer.  You also have a right to ask us to correct any inaccurate personal information we hold about you.  Sometimes, we may not be able to provide you with access to all your personal information.

In these instances, reasons include where:

• it would pose a serious threat to the life, safety or health of any individual or to public health or public safety;
• access would have an unreasonable impact on the privacy of other individuals;
• the request is frivolous or vexatious;
• denying access is required or authorised by a law or a court or tribunal order;
• access would be unlawful; and
• where access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.

If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.

We also reserve the right to redact information made available in response to an access request, in order to protect the privacy of other individuals.

Given that we hold personal and sensitive information collected from many individuals, and we do not wish to interfere with the privacy of other individuals, we reserve the right to request from you information in order to verify your identity in order to ensure that we do not inadvertently disclose personal information about another individual(s) to you where you are not entitled to access such access would pose a serious threat to the life, safety or health of any individual or to public health or public safety.

MCM is committed to protecting your privacy and where there has been a suspected or actual data breach we will follow the process in our Data Breach Policy and Response Plan which includes:

• investigating any reported actual or suspected data security breaches;
• where applicable, make the required report of a data breach to the relevant regulatory authority within the required time period; and
• notifying the affected individuals if a data breach is likely to result in serious harm as required by law.

How we comply with the Notifiable Data Breaches Scheme

We will notify you in the event your personal information is involved in a data breach that is likely to result in serious harm. This notification will include recommendations about the steps you should take in response to the breach. We will also notify The Australian Information Commissioner of eligible data breaches. Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result require notification.

We may update this Privacy Policy from time to time to reflect new services, changes in our personal information practices or relevant laws.

If you have any queries about how we manage your personal information please contact our Privacy Officer at privacy@mcm.org.au.