Privacy

policy

Obligations

This document outlines DemocracyCo’s policy on privacy and the management of information within the operations of the business. The purpose of this policy is to inform and guide employees in correct creation and management of information, and handling of personal information. DemocracyCo is committed to establishing and maintaining privacy and information management practices that meet its business needs, accountability requirements and stakeholder expectations.

Application and Scope

The work of DemocracyCo is centred around people, demographics and populations. We are committed to managing the information about the people we work with appropriately and securely.

  • This policy applies to all employees and users of information used for DemocracyCo business purposes

  • All Users should be aware of this policy, their responsibilities and legal obligations

  • All Users are required to comply with the policy and are bound by law to observe applicable statutory legislation in regard to privacy and information management.

  • DemocracyCo’s Cyber Security Policy is used in conjunction with this policy and additional guidelines and procedures that support this policy.

Types of information we collect

If you have been selected to participate in one of our deliberative processes, the types of information we collect and hold about you includes your name, address, email address, telephone number and preferences. If you have signed up to stay updated with our work, the personal information you have provided such as name, email address and postcode are securely stored so we can stay in touch with you about our initiatives and/or be contacted for recruitment purposes on an adhoc basis. You can opt out of this at any time by sending an email to [email protected] or [email protected]

Why we collect your personal information

We collect personal information to allow us to select a diverse group.  Typically, by using random stratified sampling techniques. This is an internal process only. We will not use or disclose your personal information for any secondary purpose, unless:

  • that secondary purpose is related to the primary purpose for which we collect that information, and you would reasonably expect the disclosure in the circumstances; and

  • you have given us your consent to be contacted for future recruitment purposes.

It is important to note that DemocracyCo will always seek your consent in writing (email) before sharing any personal information for a secondary purpose.

How we collect and store information

We source personal information predominately by purchasing data samples from commercial providers, by using publicly available data sets, through our clients (i.e., local government resident databases) or through random ‘to the householder’ mail drops through Australia Post.

Databases are retained for the duration of the project and for a period from completion of the project as deemed relevant for business and client purposes.  On occasion, DemocracyCo receive requests from clients for historical data regarding community member details, to which CoCEO’s review on a case-by-case basis the requirements of both the release of information and for duration of retention of project information.

We also retain information on people who ask to stay updated with our work.  All business data and personal information is stored securely on DemocracyCo information management systems and are guided by the below section “Information Security and Storage”.

How we make sure your personal information is protected

We take appropriate security measures to protect against unauthorised access, unauthorised alteration, disclosure, or destruction of your personal information. These include internal reviews of our data collection, storage and processing practices and security measures, as well as cyber security measures to guard against unauthorised access to systems where we store personal information. 

Personal information is held only for as long as the personal information remains relevant to the purpose for which it was collected.  DemocracyCo computer hardware, information management systems and software that is used to store and manage data is done so under the guidance of the DemocracyCo Cyber Security Policy. This policy is reviewed annually and in conjunction with an annual IT Audit.

Who can access your personal information

DemocracyCo will not share your personal information outside of the purposes of the project you are involved in. We will always seek your permission before sharing your personal data with others (including other organisations involved in the project).

Unsolicited personal information

We do not collect unsolicited personal information. Where we receive unsolicited personal information, we will determine whether it would have been permissible to collect that personal information if it had been solicited. If we determine that collection would not have been permissible, to the extent permitted by law, we will destroy or de-identify that personal information as soon as practicable. If we determine that it was permissible, we will not use any personal information for any other purpose without consent.

Information security & storage

DemocracyCo use the suite of Microsoft Office 365 Pro applications, including cloud-based storage of documents and data.  DemocracyCo’s primary application for the storage of personal information is the customer record management software Nimble. Nimble uses cloud-based storage and is governed by the international General Data Protection Regulation (GDPR) 2018. Personal data may also be stored in Campaign Monitor and Survey Monkey. Data stored in the DemocracyCo Nimble, Campaign Monitor and Survey Monkey accounts is owned by DemocracyCo and can only be accessed by those who have access to the account and data. The DemocracyCo Nimble, Campaign Monitor and Survey Monkey accounts cannot be accessed without explicit permission from DemocracyCo and only for the purposes of investigation of errors or bugs, if these are reported.

Personal data is stored in Nimble, Office 365, Campaign Monitor, and Survey Monkey. We adhere to the procedures outlined in the DemocracyCo Privacy Policy to keep your personal data safe and protected, and we employ the procedures outlined in the privacy policies of each program, which are listed below.

DemocracyCo engage L3 Consulting and Seventy-Six Creative to oversee all security measures in place for the business. (see also DemocracyCo Cyber Security Policy).  We endeavour to work collaboratively, understanding the nature and sensitivity of the safe and secure storage of personal information.

Systems used to store and maintain information

System Backup:

The backup program SkyKick, is set up on each system used to conduct DemocracyCo business and performs daily system backups. Storage of all data backup is cloud based.

External Software

From time-to-time DemocracyCo access and use software programs to assist with information required in the management of projects and databases.  Software such as Monday.com, Survey Monkey, Basecamp and BurstSMS are used for specific purposes and store DemocracyCo data.  All external software used for this purpose undergoes a review of security systems and storage procedures.  DemocracyCo also consult with and are guided by the advice from L3 Consulting and Seventy-Six Creative in the use of external software providers to ensure integrity and security of business information external to the business.

 

Retention of Information

DemocracyCo retain all relevant project information as well as personal information collected in the recruitment of personnel for community panels.  All members of the public that engage and work with DemocracyCo are made aware of the use and storage of their personal information as guided by the DemocracyCo Privacy Policy.

Databases are retained for the duration of the project and for a period from completion of the project as deemed relevant for business and client purposes.  On occasion, DemocracyCo receive requests from clients for historical data regarding community member details, to which CoCEO’s review on a case-by-case basis the requirements of both the release of information and for duration of retention of project information. DemocracyCo retain participant information for survey purposes to assist with business recruitment and system improvements but only do so with the consent of participants. Participant records are stored in the DemocracyCo Nimble, Office 365, Campaign Monitor and Survey Monkey databases.

Sharing folders

DemocracyCo from time to time are required to share specific project information with external contractors or clients.  Documents or folders must only be shared on authorisation from the Project lead or one of the CoCEO’s.  The individual folder or document is shared via a ‘permissions only function, allowing access the relevant document or folder only.

Your Rights and choices

DemocracyCo take all reasonable steps to ensure any personal information we collect, use, or disclose is up to date and accurate. If you get in touch, we will be happy to let you know what sort of personal information we hold about you, for what purposes, and how we collect, hold, use, and disclose that information. Please direct all request for access and correction to: [email protected]

Request to Delete Records

On request, DemocracyCo will remove/delete all records of personal information collected. Our process to complete this is:

  1. Delete individual record in the DemocracyCo Nimble database.

  2. Delete individual record in Survey Monkey, if relevant.

  3. If used, delete individual record from Basecamp, if relevant.

  4. Delete individual record from any other spreadsheet or data set stored in the DemocracyCo

Provision to ‘unsubscribe’

Programs used for information distribution by DemocracyCo such as Nimble CRM and Campaign Monitor, include an option to ‘opt out’ or ‘unsubscribe’ from any mailing list or newsletter that may be sent by us.  In any distribution or recruitment, we provide the flexibility for individuals to control information they receive from us and will always utilise these options within these programs.

Complaints

If you consider a breach of the Australian Privacy laws or your rights in relation to privacy has occurred, you may direct your query to us, and we will attempt to resolve your complaint. If you do not consider our response satisfactory, you may contact the Australian Privacy Commissioner at its website or by telephone on 1300 363 992.

For more information

If you would like more information on privacy, please contact us.

Monitoring and improvement

DemocracyCo have systematic document management procedures implemented that see this policy reviewed and updated annually in consultation with staff, relevant stakeholders and in accordance with data management requirements where necessary.  This policy is updated in conjunction with the DemocracyCo Cyber Security Policy and annual IT audit.

For more information
If you would like more information on privacy, please contact us.

Policy authorised by:  E Fletcher   Date: 16/01/2025