Login

Cart

Your cart is empty

POLICIES

Privacy and Data Protection

Purpose 

The purpose of this policy is to ensure that ORRCA collects, uses, stores, and discloses personal information responsibly, lawfully, and securely, while protecting the privacy rights of individuals and maintaining trust in ORRCA’s operations.

Objective  

The objectives of this policy are to:  

  • Ensure compliance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)  
  • Protect personal and sensitive information from misuse, loss, or unauthorised access  
  • Clearly define how personal information is collected, used, disclosed, and stored  
  • Support ethical handling of data in rescue, research, training, fundraising, and governance activities  
  • Reduce privacy, reputational, and regulatory risk to ORRCA.  
Scope  

This policy applies to:  

  • All personal information collected or held by ORRCA  
  • All ORRCA members, volunteers & committee members  
  • All systems, records, databases, platforms, and devices used to store ORRCA data  

This includes information collected through:  

  • Membership applications and renewals  
  • Merchandise sales
  • Rescue hotline calls and incident reports  
  • Training registrations and attendance records  
  • Events, fundraising, donations, and communications  
  • Research and community engagement activities   
Definitions 
  • ORRCA: Refers to ORRCA Inc. 
  • Personal Information: Information or an opinion that identifies or could reasonably identify an individual
  • Sensitive Information: Includes health information, biometric data, criminal history, or other information afforded higher protection under law.
  • Data Breach: Unauthorised access, disclosure, loss, or misuse of personal information. 
  • Consent: Voluntary, informed, current and specific agreement to the collection or use of personal information.
  • Record: Any form of recorded information, including digital files, emails, databases, paper files, audio recordings, or images.
Policy 

ORRCA is committed to protecting personal information and handling data in  accordance with privacy law, ethical standards, and best practice for wildlife rescue  organisations.  

Personal information will only be collected where necessary, used only for legitimate  purposes, organisational purposes, and protected against unauthorised access,   misuse, or disclosure.  

Policy details 

6.1 Collection of Personal Information  

ORRCA may collect personal information where reasonably necessary for its functions, including:  

  • Contact details (name, email, phone number, address)  
  • Membership records  
  • Training and accreditation records  
  • Emergency contact details  
  • Incident, rescue and operational reports  
  • Donation and financial transaction records  
  • Communications and correspondence    

ORRCA will take reasonable steps to ensure individuals are aware of why  information is collected and how it will be used.  

  6.2 Use of Personal Information  

Personal information may be used for purposes including:  

  • Managing memberships   
  • Coordinating rescue responses and incident management  
  • Delivering training and events  
  • Communicating organisational updates  
  • Fundraising and donor management  
  • Compliance with legal and regulatory requirements  

Information will not be used for purposes unrelated to ORRCA’s functions without  consent or lawful authority.  

6.3 Disclosure of Personal Information  

ORRCA may disclose personal information only where:  

  • Consent has been provided  
  • Required or authorised by law  
  • Necessary to protect life, health, or safety  
  • Required for regulatory reporting or investigations  
  • Provided to trusted service providers performing functions on ORRCA’s behalf  

ORRCA will not sell or trade personal information.  

6.4 Sensitive Information  

Sensitive information will only be collected where:  

  • It is strictly necessary  
  • Explicit consent has been obtained, or  
  • Required or authorised by law  

Additional safeguards will apply to sensitive information.  

6.5 Data Storage and Security  

ORRCA will take reasonable steps to protect personal information, including:  

  • Secure digital systems and password protection  
  • Restricted access to authorised personnel only  
  • Secure storage of physical records  
  • Regular review of access permissions  

Personal information will be retained only as long as necessary for operational, legal, or governance purposes.  

6.6 Data Breaches  

In the event of a data breach, ORRCA will:  

  • Take immediate steps to contain and assess the breach  
  • Notify affected individuals where required  
  • Comply with the Notifiable Data Breaches Scheme where applicable  
  • Review systems and processes to prevent recurrence  

6.7 Access and Correction  

Individuals may request access to, or correction of, their personal information held by ORRCA.    

Requests must be made in writing and will be responded to within a reasonable  timeframe.  

6.8 Third-Party Platforms and Systems  

ORRCA may use third-party platforms (e.g. membership systems, email services,  cloud storage).  

ORRCA will take reasonable steps to ensure these providers maintain appropriate  privacy and security standards.  

Compliance  

Failure to comply with this policy may result in:  

  • Disciplinary action under ORRCA’s Code of Conduct  
  • Suspension or termination of membership or role  
  • Reporting to relevant regulators where required  

Breaches of privacy may expose ORRCA and individuals to legal and regulatory  consequences.    

Contact 

For questions about this policy, contact the ORRCA Committee by email at orrca@orrca.org.au.