Privacy Policy – The Sunrise Project Australia Ltd

About this privacy policy

We respect your privacy and are committed to protecting your personal information. This privacy policy explains how and why we collect, store, use and share personal information, your rights to control our use of it and your rights to contact us and your privacy regulator.

It applies not just to use of this website, but also to personal information collected through other online and offline interactions with you in the course of our charitable work. This includes potential and existing partners, people interested in working for or with us, our suppliers, and people who want to learn more about our work and mission.

Who are we?

This privacy policy is for The Sunrise Project Australia Ltd (ACN 159 324 697). References in this privacy policy to The Sunrise Project, we, us, and our are references to this entity or another entity responsible for dealing with your personal information on our behalf.

Where we collect or use personal information, we are regulated under applicable data protection laws including the Australian Privacy Act 1988 (Cth) and the EU General Data Protection Regulation (GDPR). This privacy policy sets out information we are required to provide under applicable data protection laws.

Why and how we collect personal information

We collect and use personal information from different categories of people for different purposes. This may be:

  • with your consent
  • to perform a contract with you or a relevant party
  • legitimate interests in operating our charity, which includes recruitment as an employee or contractor, engaging with or supporting your organisation, inviting you to events, and conducting research and analysis in furtherance of our charitable purposes, or
  • to comply with our legal obligations.

Below are the main categories of people covered by this privacy policy and the types of personal information we collect and the purposes we will use it for.

If you submit an application to work with us, whether as an employee or contractor: we will hold any personal information you provide to us (via our website or other methods) or sent to us by a third-party recruitment agency or website. This is likely to be your name, contact details and personal information contained in your CV. We may collect sensitive information as part of our organisational commitment to diversity and inclusion. We will use this information for the purpose of communicating with you and evaluating your application.

If you fill in a form on our website to contact us: we will store the information you enter or submit (e.g. name, contact details, comment and any other information you choose to submit) for the purposes of responding to your enquiry and keeping you updated on our work.

If you sign up to receive email newsletters or other campaign materials, or we invite you to events: we will hold you name, country, organisation and email address for the purpose of sending you updates and news that we think you will find interesting, sending you information about our work, and occasionally inviting you to events (in which case we may need extra information such as dietary and access requirements). You can unsubscribe from these at any time by using the “unsubscribe” links at the bottom of each email.

If you work for one of our partner organisations or if you are an industry/movement contact: we may hold your name, organisation, job title and contact details and in certain situations, we may hold your identity and background information for the purposes of ‘know your partner’ checks or your feedback or opinion. We will have been provided with this information either by you or your employer or in some cases we may have sourced it from publicly available sources. We need this information in order to interact with you (or your employer) for the purposes of running our charity properly and communicating with relevant people. We may also need this information for regulatory reasons.

If you are a supplier or work for a supplier: we may hold your name and contact details in order to interact with you or your employer to procure and pay for goods and services. In some situations, we may hold your identity and background information for the purposes of ‘know your partner’ checks or for other regulatory reasons.

Please note that providing personal information to us is voluntary on your part. If you choose not to provide us with certain information, we may not be able to support or work with you or your organisation, consider your application, or provide you with information.

If you provide us with personal information about someone else, you must ensure that you are entitled to disclose that personal information to us, that we may collect, use and disclose that personal information in accordance with this privacy policy without taking any further steps, and that you make such person aware of the contents of this privacy policy.

We may also collect information such as your internet protocol (IP) address for monitoring and improving the effectiveness of our website services as well as its security.

How we use cookies and similar technologies

We may store information relating to you using cookies or similar technologies when you visit our websites. You can read about how we use cookies in our Cookies Notice.

Retention of personal information

We retain personal information consistent with the purposes for which the personal information was collected, taking into account applicable data protection laws, retention periods under applicable laws, and our organisational needs.

Personal information sharing

We may share your personal information with the following parties, in certain circumstances:

  • Other entities within The Sunrise Project network, being currently, the Windward Fund, a section 501(c)(3) public charity registered in the United States
  • IT service providers acting as data processors (see below) who provide services or cloud-based software to enable us to operate our business
  • Professional advisors such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services
  • Third parties engaged or involved in the course of the work we do, such as experts and consultants
  • Third party event hosts, speakers and attendees if appropriate
  • Law enforcement or regulatory authorities if required by law

Data processors

Our IT service providers (acting as data processors) generally fall under the following categories:

  • Website analytics
  • Website and data hosting
  • IT and system administration
  • Document storage
  • Email, contacts and calendar
  • Collaboration, project management and messaging tools
  • Recruitment and human resources management
  • Online meetings
  • CRM, accounting and billing

Our ‘data processors’ only process information on our behalf. They won’t use your personal information for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law. For security reasons we do not name all our service providers in this privacy policy.

Your personal information rights

The personal information we hold about you is your information, and you have certain rights over the information under applicable data protection laws. You have the right to request a copy of all personal information we hold relating to you. You also have the right to require us to correct any mistakes in the personal information we hold relating to you, so please let us know (see “How to contact us” below) if we need to update any of your personal information we hold. Under some applicable data protection laws, you may also have the following rights:

  • Where we are processing your information based on your consent, you may be able to withdraw that consent, however we may still be able to process your personal information to the extent permitted by applicable data protection laws.
  • Where we process your information based on a legitimate interest, you may have the right to object to our processing of that information if you feel it impacts on your fundamental rights and freedoms.
  • You may have the right to object where we are processing your personal information for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all subscriber emails.
  • In certain situations, you may have the right to require us to erase personal information where there is no good reason for us continuing to process it, or to request restriction of processing of your personal information.
  • Finally, you may have the right to request the transfer of your personal information to you or a third party in a structured, commonly used, machine-readable format in certain circumstances.

If you would like to exercise any of these rights, please refer to “How to find out more” below.

Keeping personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Transfers of personal information

We may transfer the personal information we collect to, and store such information in, other countries which may have different data protection laws than the country in which the information was provided. If we do so, we will always take measures to comply with legal requirements under applicable data protection laws and to protect that information.

Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Most of them reserve the right to hold copies of your personal information outside the European Economic Area (EEA).

In each case we and our processors employ mechanisms to help safeguard your privacy rights, as required under applicable data protection laws, such as:

  • Certain processors only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the relevant regulator.
  • Providers storing information in the US, may be self-certified to the EU-US Privacy Shield (such as NationBuilder) which requires them to provide similar protection to personal information shared between the Europe and the US.

Changes to this privacy policy

This privacy policy was last updated June 2021. Changes and updates may alter the terms that you have previously agreed to. We recommend that you read it carefully and check back regularly.

How to find out more or make a complaint

If you have any questions, concerns, or want more information about our privacy management, please email the Privacy Officer at privacy@sunriseproject.org. You can also contact our Privacy Officer to request anything outlined under your personal rights above.

At all times, you have the right to report a concern or a complaint with any relevant regulator, including the Office of the Australian Information Commissioner and for relevant individuals the GDPR Information Commissioner’s Office.