Privacy Policy

Privacy Policy

1. Policy Statement

We are committed to protecting the privacy of personal information we collect and handle. This policy explains how we manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

When dealing with public sector entities in Western Australia, we also comply with the Privacy and Responsible Information Sharing Act 2024 (WA), including the Information Privacy Principles (IPPs), to the extent required as a contracted service provider.

2. Definitions

  • Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.

  • Sensitive Information includes details such as racial or ethnic origin, political opinions, religious beliefs, sexual orientation, health information, genetic or biometric data, or union membership. We only collect sensitive information where permitted by law and with your consent.

3. Collection of Personal Information

We collect personal information directly from you, and in some cases from third parties or publicly available sources. This may include:

  • Contact details (name, email, phone, address)

  • Membership or account details

  • Payment details where relevant

  • Information you provide when communicating with us

We only collect information that is necessary for our business functions and to provide services to you.

4. Use of Personal Information

We use personal information to:

  • Provide and manage services

  • Communicate with you about your membership or account

  • Process payments

  • Meet our legal obligations

  • Send you updates, offers, or marketing (where you have consented or it is otherwise permitted under law)

You may opt out of direct marketing communications at any time.

5. Disclosure of Personal Information

We may disclose personal information to:

  • Government agencies and regulators, where required by law

  • Service providers and contractors who assist us in delivering services

  • Technology platforms we use to manage and store data, including:

    • Google Workspace (including Google Sheets) for data management and storage

    • HubSpot for customer relationship management

  • Other parties where you have provided consent or disclosure is otherwise authorised by law

Where service providers are located overseas, we take reasonable steps to ensure they handle personal information in accordance with the APPs.

6. Management and Security of Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include:

  • Limiting access to authorised staff

  • Secure storage of physical and digital records

  • Use of secure technology platforms (e.g., Google Workspace and HubSpot) that apply appropriate access controls and encryption

We retain personal information only as long as necessary for business or legal purposes. When no longer required, it is securely destroyed or de-identified.

7. Notifiable Data Breaches Scheme

Under the Privacy Act 1988 (Cth), we are required to notify both the Office of the Australian Information Commissioner (OAIC) and affected individuals if a data breach occurs that is likely to result in serious harm.

If such a breach occurs, we will:

  • Promptly assess the incident

  • Notify affected individuals with details of the breach and recommended steps to protect themselves

  • Notify the OAIC in line with statutory requirements

Where we are contracted to WA public entities, from 1 January 2027, we will also comply with the WA notifiable information breaches scheme under the PRIS Act, which requires notification to the WA Information Commissioner.

8. Access and Correction

You have the right to access personal information we hold about you and request corrections where it is inaccurate, incomplete, or out of date. Requests can be made to our Privacy Officer (details below).

We may refuse access in certain circumstances outlined under the Privacy Act, but we will explain why if that happens.

9. Anonymity

Where lawful and practicable, you may interact with us anonymously or using a pseudonym.

10. Overseas Disclosure

Some personal information may be stored or processed in countries outside Australia (including where our technology providers operate). We take steps to ensure overseas recipients comply with privacy standards substantially similar to those required in Australia.

11. Complaints

If you have a concern about how we handle your personal information, please contact our Privacy Officer. We will investigate and respond within a reasonable time (usually 30 days).

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Where applicable under WA law, you may also contact the WA Information Commissioner once the PRIS Act is in effect.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will always be available on our website.

Contact Details

Privacy Officer

VFESA – Emergency Memberlink Program

PO Box 2200

Mornington VIC 3931

Email: info@memberbenefits.com.au