| Last Updated: | 25 September 2025 |
| Purpose: | This Privacy Policy explains how Mary MacKillop Today collects, uses, stores and discloses personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). |
| Additional Authority: | The Privacy Act 1988 (Cth) (Act), the Australian Privacy Principles (APPs). |
| Scope: | Applies to all individuals acting on behalf of or under the name of Mary MacKillop Today, including Board Members, staff, contractors, partners, consultants and volunteers. |
| Responsible Party: | Data and Privacy Focal Points. |
Mary MacKillop Today is committed to respecting privacy and upholding the rights and dignity of every individual. We collect, use, store and manage personal and sensitive information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other relevant privacy laws. We aim to go beyond legal compliance by fostering a culture of accountability, transparency, and respect for personal information across all areas of our work.
Our commitment is underpinned by a comprehensive privacy management framework that includes strong internal accountability mechanisms and a focus on integrating privacy considerations into all aspects of our operations.
Our in-country offices and program partners are supported to apply this Policy as a best practice guide when collecting, storing, and using personal and sensitive information. Where there is a conflict between this Policy and the laws of another country in which Mary MacKillop Today operates, the local law will apply to any personal information collected in that country.
To ensure ongoing alignment with evolving legislation, organisational needs, and advancements in technology, we regularly review and strengthen our privacy practices.
This includes:
- Mandatory refresher training for all staff every six months
- Spot checks conducted by designated Data & Privacy Focal Points to manage the risk of data breaches
- Annual policy reviews to ensure this Policy remains current and effective
This policy outlines how and why we collect, use, store and disclose personal information. It also describes how individuals can access and correct their information or make a complaint.
By engaging with us (e.g. visiting our website, making a donation, subscribing to communications, applying for employment or participating in a program), you consent to the use of your personal information in accordance with this policy.
We collect personal information necessary to carry out our charitable activities. The type of information we collect depends on your interaction with us and may include:
Donors, Supporters and Website Visitors
- Identifying details such as name, DOB, and contact information.
- Donation details such as credit card details (processed via secure payment channels).
- Communication preferences and donor history.
- Information shared in correspondence, surveys or feedback forms.
- Social media interactions with official accounts.
- Personal insights such as giving capacity, interest in bequests, or relationship history (where voluntarily provided or reasonably inferred).
Clients and Program Participants
- Identifying details such as name, DOB, and contact information.
- Financial information such as income statements, bank transactions, utility bills, fine notices, rent ledgers and loan payment plans.
- Sensitive information, including health conditions, disabilities, and social or geographic disadvantage.
- Academic information such as assessments, references, and grades.
Government-related identifiers
We may collect certain government-related identifiers — for example, Medicare numbers, Centrelink Reference Numbers, driver’s licence numbers or tax file numbers — if required for our work, or when we are authorised or required to do so by Australian law.
We will not use or disclose these identifiers except:
- Where required or authorised by law;
- To verify your identity with an authorised agency or service; or
- For the specific purpose for which the identifier was collected.
Employees, Contractors and Volunteers
- Contact information and employment history.
- Police check results and other pre-employment screening outcomes.
- Tax File Number (TFN), salary details, and superannuation information.
- Educational qualifications and volunteering history.
- Sensitive information where required for role-specific purposes (e.g. safeguarding-related checks).
Where lawful and appropriate, we allow individuals to remain anonymous or use a pseudonym.
We collect personal information:
- Directly from individuals (e.g. forms, phone, email, online interactions).
- Via third parties (e.g. referral agencies, employment platforms, online fundraising).
- From publicly available sources (e.g. directories).
- Automatically via website tracking (e.g. IP address, browser type).
To protect your privacy and personal information, we may ask you to verify your identity by confirming details we have on record, such as your current address, phone number, or donor number.
In accordance with Australian Privacy Principle 11 (APP 11), Mary MacKillop Today takes all reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
We implement robust security controls, including:
- Encrypted databases and password protection.
- Physical document security and timely destruction of unnecessary records.
- Access controls and regular system audits.
- Signed confidentiality agreements for staff and contractors.
- Mandatory privacy and data breach prevention training.
- Credit card details are not stored beyond the point of processing.
We also maintain a formal Data Retention Schedule to ensure personal information is only retained for as long as necessary to meet legal, regulatory, and operational requirements. When information is no longer needed or legally required to be kept, we use secure disposal methods — including physical destruction, permanent digital deletion, and de-identification — to safeguard individuals’ privacy.
Mary MacKillop Today operates internationally, and some personal information may be disclosed to overseas recipients or processed by third-party service providers.
We use Salesforce as our Customer Relationship Management (CRM) system, with data servers located in Japan. Payment transactions are processed via Stripe, our payment gateway, which may involve overseas data handling. Stripe employs robust security measures — including masking credit card details — meaning we do not store or have access to your full credit card numbers.
In line with the Privacy Act 1988 (Cth), Mary MacKillop Today remains accountable for personal information disclosed overseas and takes reasonable steps to ensure it is managed in accordance with the Australian Privacy Principles.
We use personal information for purposes such as:
- Processing donations and issuing receipts.
- Responding to enquiries and supporter care.
- Sending updates and marketing communications.
- Recruiting staff and volunteers.
- Administering programs and evaluating outcomes.
- Complying with legal obligations and internal risk management.
- Disclosing information to service providers performing duties on our behalf (e.g. mailing houses, IT providers).
We do not sell or rent personal information. We will only disclose personal information with consent, as required by law, or where it would be reasonably expected.
Mary MacKillop Today is committed to complying with Australia’s Notifiable Data Breach (NDB) scheme. In the event of an eligible data breach (where there is unauthorised access or disclosure of personal information likely to result in serious harm to individuals), we have a robust data breach response plan. This plan includes the immediate assessment and containment of the breach, and, where required, timely notification to affected individuals and the Office of the Australian Information Commissioner (OAIC).
We may use your personal information to contact you about our work and fundraising. Every marketing message will include an option to unsubscribe or manage your preferences.
To opt out of communications, individuals can:
- Follow instructions on the communication.
- Contact our Donor Care Officer directly (details below).
You may request access to, or correction of, the personal information we hold about you.
Contact:
Mary MacKillop Fundraising Team:
- Phone: +61 2 8912 2777
- Email: [email protected]
- Mail: PO Box 1646 North Sydney 2060 NSW
If we refuse access or correction, we will provide written reasons and record any contrary statement you provide.
If you believe we have breached your privacy, please contact our:
Privacy Officer
- Email: [email protected]
- Phone: +61 2 8912 2777
- Mail: PO Box 1646 North Sydney NSW 2059
If you are not satisfied with the outcome, you may contact the Office of the Australian Information Commissioner (OAIC) via www.oaic.gov.au. Alternatively, for breaches of the ACFID Code of Conduct, complaints can be lodged at www.acfid.asn.au.
