Vision Australia Privacy Policy

Introduction

Vision Australia is committed to maintaining the privacy of your personal information. Vision Australia is also bound by the Privacy Act 1988 (Privacy Act). Any personal information we collect will be handled in accordance with the Australian Privacy Principles (APPs) outlined in the Privacy Act and any applicable state or territory legislation.

Privacy law is regulated by the Australian Information Commissioner. Further information about privacy legislation can be obtained from the Office of the Australian Information Commissioner website at: www.oaic.gov.au.

About this Policy

This privacy policy sets out how Vision Australia complies with its obligations under the Privacy Act regarding the collection, use, disclosure, storage, security of and access to the personal information of clients, donors, members, volunteers, job applicants and staff.

We reserve the right (at our discretion) to modify, amend or replace this policy from time to time. A new version of this policy will be posted to our website when this policy is modified, amended or replaced. We recommend that you regularly review our privacy policy.

Further information can be found in our Donor Privacy Policy and the Website Privacy Notice.

Policy

1. Types of personal information we collect 

Personal information is information or an opinion about a person where their identity can be reasonably ascertained.

Sensitive information is a subset of personal information that generally has a higher level of privacy protection than other personal information, such as health information. 

Vision Australia will only collect personal information necessary to deliver our services and conduct the business activities that support this.

We collect different types of information depending on our relationship with an individual, as follows:

Clients/customers:

We generally collect the following types of personal information regarding our clients/customers and their representatives:

• name, pronouns, date of birth, contact details, details of next of kin or emergency contact, payment details, Medicare number, NDIS number and/or My Aged Care ID as relevant to the service being provided, product being acquired and other information relevant to your relationship with Vision Australia, such as communication preferences, interests and interaction history.

In addition, where required to ensure safety and/or compliance with external obligations we may also collect sensitive information such as:

• details of your eye condition and other relevant health information.

Job applicants, service providers, volunteers:

We collect certain personal information about volunteers, job applicants and service providers wishing to supply products and/or services to us as well as their employees, including:

• full name, date of birth/age, contact details, emergency contact, resumes, employment histories and qualifications, training records and competency assessments, police checks and other suitability checks.

We may also collect sensitive information, including health information such as medical histories directly related to the individual’s ability to perform the inherent requirements of the position and immunisation status where external contractual requirements are in place.

Donors:

We collect certain personal information about donors to process their donations, communicate with donors, and ensure a complete and accurate record of a donor’s history and engagement with Vision Australia, including:

• personal details such name, pronouns and date of birth, address, contact details, transaction details including authorisations and dates and amounts of transactions, payment information for donations, records of your communication and interaction with us and any other profile information associated with your engagement with us.

2. How we collect your personal information

Vision Australia collects personal information through a variety of methods including paper, electronic or face-to-face interactions, meetings and interviews, emails, interaction with our website or over the telephone, requests for information, and from other parties such as, volunteers and service providers in the course of providing goods and services. 

Where possible, we collect personal information directly from individuals or their authorised representatives. However, information may also be collected through referrals from other service providers, the process of obtaining donations, lottery campaigns, and from commercial list providers or information provided by other charities.
Other methods of collection include the following:

(a) Information collected on our website

i. Member account services

Where an individual elects to save their details on the Vision Australia website, we will collect this information to create an account showing their shop order history, and/or access to library services.

ii. Using technology such as cookies

We may also collect information about you when you access our website using a technology called ‘cookies’. That information includes the pages viewed and the information downloaded, the IP address of the computer or mobile used to visit our website, the page from where the individual visited our website, the type of browser used, unique device identifiers and information about websites visited before the individual visited our website. You can configure your browser to disable cookies, but some parts of our website may not function properly (or at all) if cookies are disabled.

Some personal information submitted via forms (e.g. email address or name) is masked by default to prevent capture; however, in rare cases, field data may be unintentionally collected. Recordings are retained for a maximum of 30 days and protected using industry-standard encryption.

If an individual chooses to save their details or register an account on our website, we will collect and store this information to provide access to services such as:

• Shop order history,
• Library or information services.

(b) Collection of payment information (for donations and payment for services)

Donations and payments can be made several ways, including via our Vision Australia Website or over the telephone.
If an individual makes a donation or payment via our website, they will be directed to a secure third-party payment gateway, using a VeriSign Trust Network Secure Socket Layer (SSL) Certificate with 128-bit high grade encryption. Payments made through such payment gateways are subject to the terms and conditions and privacy policy of the relevant third-party providers.

Unless provided otherwise, all online payments are to be made by credit card.  Therefore, individuals will need to provide to Vision Australia details of your credit card, including:

• credit card type.
• name on credit card.
• credit card number.
• expiry date; and
• CCV number (where available).

Vision Australia will collect the same information if an individual makes a donation or payment over the telephone.

Payment details will be processed via an approved PCI-DSS compliant payment gateway. 

In cases where you have authorised regular payments (such as monthly donations) the approved PCI-DSS compliant payment gateway is used to securely store details. Vision Australia does not store any payment information within our systems.

(c) Third Party Suppliers

We endeavour to collect your information directly from you, however, in some circumstances we may collect your information from third parties.

Clients/customers:

Where possible, we collect personal information directly from individuals or their authorised representatives. However, information may also be collected through referrals from other service providers, health professionals or funding bodies.

Donors:

From time-to-time, Vision Australia may obtain details for prospective donors from like-minded organisations or third-party suppliers. Prior to acquiring a list of prospective donors’ contact details, Vision Australia enters into an agreement with like-minded organisations or third-party suppliers to confirm that:

• the information on the list was obtained in accordance with the Australian Privacy Principles and/or that the list owner is held responsible if their disclosure of the data to Vision Australia or Vision Australia’s use of the data to contact
• the supplier has provided the donors with the opportunity to have their details removed from the list.

If a prospective donor contacts Vision Australia to find out how we obtained their details, staff and volunteers are obliged to disclose this information. In particular, if Vision Australia obtained the prospective donor’s details from a list provided by a like-minded organisation or a third-party supplier, Vision Australia will let the prospective donor know the name of the list and the supplier. The list supplier will be contacted by Vision Australia and informed of the inquiry. Should the prospective donor not wish to be contacted, a request for the name to be suppressed from future data supply will be submitted by Vision Australia to the list supplier. Vision Australia will also record the prospective donors’ details in a suppression list provided the person consents, to avoid communicating to them in the future. In addition, Vision Australia will provide the donor with the Australian Direct Marketing Association’s (ADMA) no-mail service website which is https://adma.com.au/regulatory/do-not-mail.

(d) Recordings of calls and meetings

In some circumstances, Vision Australia may wish to record or transcribe a telephone call or meeting for training, quality assurance, automated summarisation and note-taking, or other purposes. Vision Australia will always notify you and obtain your consent prior to recording a telephone call or meeting. This includes occasions where staff meetings or online training sessions (audio and visual) are recorded. Participants will receive a notification when signing into the meeting and will have the option to either accept and continue or leave the meeting. When seeking consent to record clients and or family/carers this will always be discussed prior, and appropriate consent obtained.

(e) Use of Fundraising Platforms

Vision Australia uses third-party fundraising platforms and social fundraising tools including peer-to-peer event platforms or social media fundraising platforms, to support digital campaigns, events, and community fundraising initiatives.

When you engage with these platforms, either by:

• Creating or donating to a Vision Australia fundraising page on a third-party platform
• Making a donation via Facebook Fundraising, or
• Syncing your personal fundraiser between platforms (e.g. via Facebook integration),

your personal information may be collected by the relevant platform in accordance with their own privacy policies. Please refer to the platform’s privacy policy for information they collect separately to Vision Australia.

Vision Australia may receive information from these platforms including your name, email, donation amount, or fundraising activity, which we use to:

• Acknowledge your support,
• Provide fundraising assistance,
• Send receipts, campaign updates, or marketing communications and
• Better understand supporter engagement.

We encourage supporters to review the privacy settings and data sharing options provided by any fundraising platform they use.

3. How we use your personal information

Vision Australia uses personal information in different ways depending on your relationship to us.

Clients:

We primarily use clients’ personal information to provide them with services. We also use clients’ personal information for other purposes including, but not limited to:

• complying with our legal obligations.
• quality assurance, safety and risk management and continuous improvement activities; and
• to notify individuals of information and opportunities they may be interested in including fundraising opportunities
• to compile aggregated information to complete trend analysis to assist us with staff training, service improvements, etc.

Job applicants, volunteers and service providers:

We use personal information about job applicants, service providers and volunteers:

• to assess their suitability to perform the duties required and deliver services to our clients, where required.
• to meet our obligations under relevant laws.
• manage workplace risk and safety; and
• to improve the services, we offer through quality improvement activities such as training.

Vision Australia may use anonymised volunteer personal information to market to similar people.

Donors:

We use personal information about donors:

• to process donation payments.
• to provide refunds.
• to verify the donor’s identity and records.
• to respond to enquiries.
• to assist us to better understand our donors and, based on your anonymised profile, to market to similar people.
• to seek donations.
• for insurance purposes, internal accounting and administration.
• to keep donors up to date with information that may be of interest to them including via direct mail, email, SMS, Facebook, and other social media platforms; and
• to classify donors to support internal reporting, service delivery or communications. We do not seek to predict your behaviour.

Use for Digital Advertising

Hashing is a cryptographic security method, which turns your personal information into randomised code. The process cannot be reversed.  The randomised code does not contain your personal information. 

Vision Australia may use limited supporter data (such as email addresses) in a hashed, privacy-protective format to enhance the relevance of our digital advertising and to:

• Serve targeted ads to our existing supporters (retargeting),
• Reach new supporters with similar characteristics (lookalike audiences), and
• Measure and improve campaign performance.

The platforms (e.g.: Meta) use the hashed data to match users on their systems but do not receive any personally identifiable information, nor is any data shared back with us. You can manage the types of ads you see by adjusting your preferences in each platform's privacy or ad settings (e.g. Facebook Ad Preferences or Microsoft Privacy Dashboard).

De-identified Data:

De-identified data may be used to meet regulatory and funding requirements or for the purposes of research, internal reporting and improvement of services.

4. Circumstances in which we disclose your personal information

Personal information collected about our clients may be disclosed to other parties involved in the providing services to our clients. This may include disclosure of information to, for example, a client’s doctor, eye care specialist, allied health service providers, or relevant government agencies.

We may disclose personal information (including sensitive information) about our clients and donors:

• where you have consented to the disclosure and when you would reasonably expect us to disclose your personal information.
• to our Personnel where the information is directly relevant to their work role.
• to our agents and service providers (e.g., to enable them to perform services under contract with us which may directly or indirectly benefit you).
• to specific third parties authorised by you to receive information held by us to help us deliver donor communications, process payments, send electronic communications, or support secure data handling.
• to marketing providers to facilitate our marketing of our services to current and prospective clients; including using your anonymised profile to market to similar people.
• to government agencies where this is necessary for us to receive funding and/or comply with our legal obligations to notify the government and police of certain matters.
• to our professional advisers, such as lawyers or auditors.
• to related organisations; and 
• where authorised or required by law or court order, or other governmental order or process, such as where we believe in good faith that the law compels us to disclose information to:
  • lessen or prevent a serious threat to your life, health or safety or public health or safety, where it is impractical to obtain your consent.
  • take appropriate action in relation to suspected unlawful activity or serious misconduct.
  • to locate a person reported as missing.
  • to assert a legal or equitable claim; or
  • to conduct an alternative dispute resolution process.

We may also disclose personal information (including sensitive information) about a client, volunteer, employee, service provider, or applicant when required by law or court order or where we are required to do so as a result of any obligations we owe under any contract.

Commonwealth Home Support Program (CHSP) clients ONLY

As a requirement under this funding Vision Australia reports services delivered against My Aged Care IDs, into the secure DoHDA Data Exchange (DEX) System where the IDs are then encrypted.

The Australian Government Department of Social Services (DSS) hosts the DEX system and discloses a subset of this information (including an encrypted MAC ID) to the Department of Health, Disability and Ageing periodically in order to monitor provider compliance with funding grant conditions. This is authorised under s 573(1) of the New Aged Care Act 2024 (NACA).  

DSS uses your information in the Data Exchange to produce information for policy development, grants program administration, and research and evaluation purposes. DSS also shares data with organisations and agencies for reporting and research purposes. DSS de-identifies all data before use or disclosure so that it cannot be used to re-identify you.

5. Direct Marketing

Where permitted under privacy legislation, we may use your personal information to send you marketing, fundraising or promotional communications. These may include updates, appeals, invitations, event information, or content tailored to your interests or previous support.

You can update or withdraw your communication preferences at any time, including unsubscribing from specific channels, by contacting us directly or following the opt-out or manage preferences instructions in our communications.

Requests can also be directed to [email protected] or to our National Contact Centre on 1300 84 74 66.

Like-minded Organisations:

Occasionally we allow like-minded organisations to contact our donors with fundraising materials. In return, they help us reach more generous Australians to support our cause. If you do not wish to receive communications from other organisations, please follow the instructions provided on fundraising materials. Requests to opt out or unsubscribe from fundraising material can also be directed to [email protected] or to the National Contact Centre on 1300 847 466.

6. Security and Retention of personal information

Vision Australia will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. Personal information held by Vision Australia is stored electronically in secure databases, or where retention of hard copy documents is required, in secure filing systems. Only authorised Vision Australia Personnel are provided with access to individuals’ personal information. Vision Australia retains records as required by legislation and to ensure compliance with contractual obligations. Where personal information is no longer required by Vision Australia, or where required by law, Vision Australia will take reasonable technological and organisational measures as required by the amended APPs, to securely destroy or de-identify information in accordance with legal requirements for retention and disposal.
Some personal information submitted via webforms on our website may be retained temporarily on secure servers before being transferred to our core systems and securely deleted.

7. Data Breach Notification

Vision Australia accepts its obligation to keep personal information safe and is open and transparent in how data is handled. In the event that personal data systems are breached, data is misused or lost in a way that is likely to result in serious harm, then Vision Australia will take all reasonable and practicable means to contact individuals whose personal information is involved. Vision Australia will advise such individuals of the extent of the data breach (if known) and advise individuals of the most appropriate means of regaining control of their information, in an effort to limit the personal impact of the breach. If appropriate, Vision Australia will also report any breach of data to the Office of the Australian Information Commissioner (OAIC).

8. Access and correction

Individuals may request access to the personal information Vision Australia holds about them. Where reasonable and practicable to do so, and in accordance with the provisions of the Privacy Act, Vision Australia will provide supervised access to an individual’s personal information. Requests to access personal information should be directed to [email protected]. In the event access to records requires a significant allocation of resources, we may charge a reasonable administration fee to cover costs.

Corrections or updates to personal information supplied by clients or their authorised representatives must be made by the individual or their authorised representative. In all cases, Vision Australia staff must be satisfied changes are authorised by the individual in question. Requests to change personal information supplied by clients or their authorised representative will be actioned as a priority.

9. Requesting deletion of Data

From time to time, we receive requests from clients or donors wanting their personal information removed from our systems.

Donors:

If you have previously authorised a third-party platform to share your personal information with Vision Australia and would like that data deleted from our records, you may contact us at [email protected]. Please note that deleting data held by Vision Australia does not affect the data retained by the third-party platform. You will need to contact the platform directly to manage your data on their system.

Clients/customers:

Requests from clients or customers need to be carefully considered, the ability to erase data is dependent on the type of data we have on record and the applicable laws and legislation. For data deletion requests please contact [email protected].

10. Disclosure of personal information overseas 

Vision Australia will not disclose an individual’s personal information to an overseas entity. All personal information collected by Vision Australia will be stored in Australia. 

Where an individual or their authorised representative explicitly requests, the individual’s personal information may be disclosed to an overseas entity to enable the individual to receive services in that country.

In some circumstances, Vision Australia may outsource technological or administrative projects to overseas providers where local services are unavailable or cost prohibitive. In such cases, Vision Australia will take reasonable steps to ensure that the overseas recipient does not breach the APPs. Client information will be held in compliance with Vision Australia’s contractual and regulatory requirements.

11. Use, adoption or disclosure of government related identifiers 

With the exception of a clinical referral to another agency on behalf of a client, Vision Australia will not use, adopt or disclose an identifier assigned to an individual by a Commonwealth agency unless required to by law or where reasonably necessary and in accordance with the APPs.

12. Anonymity and pseudonymity 

Where practical, individuals may deal with Vision Australia anonymously or using a pseudonym. The majority of our services, however, will require collection of personal information to enable Vision Australia to provide the appropriate goods, services or response.

13. Review and improvement 

Vision Australia may update this Privacy Policy from time to time to reflect changes to legislation or internal process improvements. An up-to-date copy of this policy will be maintained on the Vision Australia website which can be accessed via this link: Vision Australia Privacy Policy. If you require this Privacy Policy in an alternative format, please contact [email protected].

14. Complaints and enquiries 

Vision Australia takes all complaints seriously. To lodge a complaint, either complete the Complaints and Suggestions for Improvement form on the Vision Australia website or contact the National Contact Centre: 1300 847 466. Requests or enquiries regarding this Privacy Policy or personal information held by Vision Australia can be made by email to: [email protected].

Complaints must be raised with Vision Australia first. However, if the individual is not satisfied with how Vision Australia has responded to the complaint, they may take the complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC’s contact details are as follows:

Website: oaic.gov.au
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

Definitions

Australian Privacy Principles (APPs): principles pertaining to the handling of personal information as set out in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act).

Client/Customer: Any person who engages the services of Vision Australia, including parents, family or guardians of children receiving services from the Vision Australia.

Donors: All persons who participate in or support Vision Australia’s revenue generation activities.

Identifier: A number, code, or other unique reference generated by Vision Australia to identify an individual within our systems. This may include internal identifiers used for administrative, reporting, or communication purposes (such as email suppression lists or campaign segmentation). Identifiers may also include pseudonymised or hashed data used in secure marketing processes. These are not used to uniquely identify individuals across external platforms and are not linked to government-issued identifiers.

Individual: a client, donor, member, volunteer, job applicant, or staff member of Vision Australia.

Member: a current member of Vision Australia Limited.

Personnel: All paid and unpaid persons undertaking work for the Vision Australia, including employees, volunteers, individuals on work experience, student placements, secondments and service providers.

Sensitive information: a subset of personal information. Includes information or an opinion about an individual’s racial or ethnic origin, political opinions, memberships, religious beliefs, sexual orientation, health information, criminal record or genetic information.

OAIC: Office of the Australian Information Commissioner. The OAIC is responsible for Privacy, Freedom of Information and information policy.

Vision Australia: Vision Australia Limited (ACN 108 391 83) includes the associated entities of Seeing Eye Dogs Australia Pty Ltd (ACN 004 758 641), 6RPH Pty Ltd ACN 608 797 762, 5RPH Pty Ltd ACN 608 798 661, Quantum Technology Pty Ltd ACN 001 381 728) and Vision Australia Foundation (ACN 007 428 284). Vision Australia Foundation is the trustee company for the Vision Australia Trust.

References

Privacy Act 1988 & Australian Privacy Principles

Applicable state and territory health and information privacy legislation

Authorised by

David Williamson 

Document Control

Date created: June 2008

Date last reviewed: December 2025

Version: 3.0

Policy level: 2

Prepared by: Compliance 

Approved by: Vision Australia Leadership Group

Next Review: November 2027 
 

Version Control: