Sustainable Gardening Australia Inc, as trustee for the Sustainable Gardening Australia Foundation (SGA) recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our privacy policy. It tells you how we collect, use, disclose and otherwise manage your personal information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act).

A copy of the APPs is available on the website of The Office of the Australian Information Commissioner at www.aoic.gov.au.

If you have any questions or feedback about this Policy, or the way in which SGA handles personal information, please contact us. You can also contact us to request a hard copy of this Policy.

Contacting SGA

Privacy Officer, SGA

post: 6 Manningham Road West, Bulleen, Victoria, 3105
phone: (03) 8850 3050
email: privacy@sgaonline.org.au

What is Personal Information, and how do we collect it?

1. The personal information that we collect about individuals depends on your dealings with SGA and SGA’s Green Gardening Professionals (GGP) program (together SGA). For example, if you:

(a) become a supporter or member of SGA, a GGP member, an SGA Community Partner, a Friend of SGA, provide SGA with information by, for example leaving an online comment or subscribing for communications on SGA’s website or other social media platforms or otherwise, offer to volunteer or work with SGA, or donate to SGA, we may collect your name, organisation, contact details, postcode, state or territory, the amount and frequency of any donation, payment details, and the information you include in any application, including any sign up form, cover letter, resume, contact details and referee reports;

(b) send us an enquiry, we may collect your name, contact details, information about your circumstances that you provide to us and details of your query;

(c) participate in our surveys, we may collect your name, email address, postcode and your survey responses;

(d) attend a workshop or training program, attend an SGA event or ask to be placed on an event wait list, we may collect your name, organisation, contact details, postcode, state or territory, payment details (if applicable) and any dietary and accessibility requirements;

(e) other personal information that we collect in the course of a transaction or that you provide to us when you contact us;

(f) details about services we have provided to you or that you have enquired about, including any information necessary to deliver those services to you and to respond to your enquiries;

(g) any additional information relating to you that you provide to us directly through our website (www.sgaonline.org.au) or social media pages, or indirectly through your use of our website or online presence or through other websites or accounts from which you permit us to collect information; or

(h) any other personal information that may be required in order to facilitate your dealings with us.

2. We may collect these types of personal information either directly from you, or from third parties. We may collect this information when:

(a) you register on or subscribe to our website or social media pages;

(b) you complete a transaction e.g. make a donation, sign up for our newsletter or membership with us, sign up for a training event;

(c) a transaction is completed on your behalf; or

(d) you contact us.

3. Usage data is collected automatically when you use SGA’s online sites and the third-party services used on those sites. The information collected may include IP addresses or domain names of the computers you use, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc), the country of origin, the features of the browser and the operating system you used, various time details per visit (eg, the time spent on each page), details about the path followed within the site with special reference to the sequence of pages visited, and other parameters about the device operating system and/or your IT environment.

4. What if you don’t provide us with your personal information? In some circumstances we provide individuals with the option of not identifying themselves, or of using a pseudonym when dealing with us (for example, when viewing our website or making general phone queries). Sometimes, we will need personal information to complete a transaction or supply a service. For example, donations may be made anonymously, but SGA may not be able to issue a tax-deductible receipt to anonymous donors.

5. We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.

6. Where reasonably practicable, we attempt to collect information directly from individuals. When we collect information, we will generally explain to the individual why we are collecting it, who we give it to and how we will use or disclose it or, alternatively, those matters will be obvious from the circumstances.

7. If we collect information about an individual from someone else, we will take reasonable steps to ensure that the individual is made aware of the matters set out in clause 1.

Why do we collect personal information?

8. The main purposes for which we collect, hold, use and disclose personal information are set out below:

(a) to enable you to access and use our website and social media pages;

(b) to run workshops and other training programs;

(c) to operate, protect, improve and optimise our website, organisation and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;

(d) to send you information requested by you, as well as service, support and administrative messages, reminders, technical notices, updates, and security alerts;

(e) to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our partners that we think you may find interesting;

(f) to seek funding and donations, organise fundraising events and report to funding providers;

(g) to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our partners;

(h) to process payments, answer queries and resolve complaints;

(i) to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;

(j) to recruit and manage volunteers, staff and contractors;

(k) to recruit for and manage the Friends of SGA program;

(l) to recruit for and manage SGA’s Community Partner program;

(m) to recruit for and manage SGA’s GGP Program; and

(n) to acknowledge our volunteers and supporters, board members and staff by naming them on our website and in publications.

9. If visitors leave comments on the website:

(a) we collect the data shown in the comments form, and the visitor’s IP address and browser user agent string to help spam detection;

(b) an anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.

10. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

11. Direct marketing is the promotion of goods and services directly to you including through emails, SMS, phone calls, social media and the post. We will only send you direct marketing materials if you would reasonably expect to receive them or you have consented. If it is impractical to gain your consent, and if it is lawful for us to do so we will always provide a simple means for you to request not to receive the material (‘opting out’).

12. You can opt out of receiving marketing communications from us by:

(a) informing us if you receive a marketing call that you no longer wish to receive these calls;

(b) using the unsubscribe facility that we include in our commercial electronic messages (such as email and SMS) to opt out of receiving those messages, or

(c) contacting us at the addresses set out on page 1 of this Policy.

13. Cookies/Tracking Technology SGA’s website uses cookies and tracking technology such as Google Analytics, WordPress Stats, Facebook and Instagram Insights, Mailchimp List Statistics and WeTeachMe. That tracking technology is useful for gathering information such as browser type and operating system, tracking the number of visitors to the site, and understanding how visitors use the site. Cookies also help customise the site for visitors. Personal information cannot be collected via cookies, however, if you have previously provided personally identifiable information, cookies may be tied to that information. Aggregate cookie and tracking information may be shared with Google Analytics, Facebook and Instagram Insights, WordPress Stats, Mailchimp List Statistics and WeTeachMe to provide us with site usage and management statistics.

(a) Google Analytics (Google Inc.) Google Analytics is a web analysis service provided by Google Inc. (Google). Google utilizes the data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.

(b) WordPress Stats (Automattic Inc.) WordPress Stats is an analytics service provided by Automattic Inc.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy.

(c) Google Maps widget (Google Inc.) Google Maps is a maps visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(d) Gravatar (Automattic Inc.) Gravatar is an image visualization service provided by Automattic Inc. that allows this Website to incorporate content of this kind on its pages. Note that if Gravatar images are used for comment forms, the commenter’s email address or parts of it may be sent to Gravatar – even if the commenter has not signed up for that service.

Personal data collected: email address and usage data.
Place of processing: United States – Privacy Policy.

(e) YouTube video widget (Google Inc.) YouTube is a video content visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(f) Google Fonts (Google Inc.) Google Fonts is a typeface visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.
Personal data collected: usage data and various types of data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Privacy Shield participant.

(g) Handling payments Payment processing services enable this Website to process payments by credit card, bank transfer or other means. To ensure greater security, this Website shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.

Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning the payment.

(h) PayPal (PayPal Inc.) PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: See the PayPal privacy policy –Privacy Policy.

(i) Stripe (Stripe Inc) Stripe is a payment service provided by Stripe Inc.

Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(j) Mailchimp (The Rocket Science Group, LLC) Mailchimp is an online marketing platform.

Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.

14. Infrastructure monitoring services allow SGA’s online sites to monitor the use and behavior of their components, so that their performance, operation, maintenance and troubleshooting can be improved. The information which is processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of SGA’s online sites:

(a) Uptime Robot (Buzpark Bilisim Tarim Urunleri Sanayi Tic. Ltd. Sti.) Uptime Robot is a monitoring service provided by Buzpark Bilisim Tarim Urunleri Sanayi Tic. Ltd. Sti.

Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: Turkey – Privacy Policy.

(b) Interaction with external social networks and platforms This type of service allows interaction with social networks or other external platforms directly from the pages of this Website. The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.

(c) Facebook and Instagram Like buttons and social widgets (Facebook, Inc.) The Facebook and Instagram Like buttons and social widgets are services allowing interaction with the Facebook and Instagram social networks provided by Facebook, Inc.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(d) Google+ +1 button and social widgets (Google Inc.) The Google+ +1 button and social widgets are services allowing interaction with the Google+ social network provided by Google Inc.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(e)  The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(f) LinkedIn button and social widgets (LinkedIn Corporation) The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy.

(h) SendinBlue Email (SendinBlue SAS) SendinBlue is an email address management and message sending service provided by SendinBlue SAS.

Personal data collected: Cookies, email address and usage data.
Place of processing: France – Privacy Policy.

(i) WeTeachMe WeTeachme is an Australian based Booking System service. Information about you is collected in order to conduct our workshops.

Place of processing: Australia – Privacy Policy.

(j) SPAM protection This type of service analyzes the traffic of this Website, potentially containing Users’ Personal data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

(k) Google reCAPTCHA (Google Inc.) Google reCAPTCHA is a SPAM protection service provided by Google Inc. The use of reCAPTCHA is subject to the Google privacy policy and terms of use.

Personal data collected: Cookies and usage data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

(l) Akismet (Automattic Inc.) Akismet is a SPAM protection service provided by Automattic Inc.

Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.

(m) Mailchimp (The Rocket Science Group, LLC) Mailchimp is an online marketing platform.

Personal data collected: various types of data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.

15. Location-based interactions

(a) Geolocation (this Website) SGA’s website may collect, use, and share location data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default.

Personal data collected: geographic position.

(b) Managing contacts and sending messages This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with you. These services may also collect data concerning the date and time when you view a message, as well as when you interacted with it, such as by clicking on links included in the message.

16. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Who do we disclose your personal information to?

17. The nature of SGA’s relationship with you will determine whether it is necessary for us to disclose your personal information to other parties. We will ordinarily let you know who we will disclose your personal information to when we collect the information from you (unless there are practical reasons for not informing you).

Common third parties we might need to disclose your personal information to include:

(a)    to employees, volunteers, office holders of and bodies related to SGA;
(b)    our contracted suppliers and service providers which include:
(i)    information technology service providers;
(ii)    booking and payment gateways and payment systems operators (eg financial institutions or merchants receiving card payments);
(iii)   conference, function and training organisers;
(iv)    marketing, communications and research agencies;
(v)    freight and courier services;
(vi)   printers and distributors of direct marketing material; and
(vii)  external business advisers (such as recruitment advisors, auditors or lawyers);
(c) existing or potential partners;
(d) sponsors or promoters of SGA or any competitions that we conduct;
(e) third parties where you consent to the use or disclosure;
(f) referees whose details are provided to us by job applicants;
(g) where required or authorised by law.

18. In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services

19. We may disclose personal information to our contracted information technology service providers that are hosted off-shore.

Storage and security of the information we hold

20. We may hold personal information in both hard copy and electronic formats.
Paper files are stored in secure cabinets at SGA’s office. They may also be archived in boxes and stored offsite in secure facilities.

21. We use a secure server using the latest 128-bit SSL (secure sockets layer) encryption technology to process any financial transactions.

22. The steps we take to secure the personal information we hold include:

(a) website protection measures (such as encryption, firewalls and anti-virus software);

(b) access restrictions to our computer systems (such as login and password protection); and

(c) staff training and implementation of workplace policies and procedures that cover access, storage and security of information.

23. SGA strives to protect the personal information and privacy of users of our website and social media pages, however, we cannot guarantee the security of any information that you disclose to us and you disclose that information at your own risk.

24. Links which SGA provides to third party websites that are not operated or controlled by SGA are provided for your convenience. SGA is not responsible for the privacy or security practices of those websites. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

Sensitive Information

25. Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

26. The only sensitive information which SGA collects is information, if any, relevant to:

(a) an individual’s membership of relevant professional bodies; and

(b) an individual’s criminal record are or health information if that individual has a role as for example a volunteer, employee or contractor of SGA.

27. Sensitive information will be used by us only:

(a) for the primary purpose for which it was obtained;

(b) for a secondary purpose that is directly related to the primary purpose; or

(c) with your consent; or

d) where required or authorised by law.

How long we retain your data

28. If you leave a comment on our website or on a social media page, the comment and its metadata are retained indefinitely.

29. We also store the personal information provided in the profile of users who register on our website. Users can see, edit, or delete their personal information (except they cannot change their username). Website administrators can also see and edit that information.

30. When your personal information is no longer needed for the purpose for which it was obtained, unless we are required by law to keep it for a longer period, we will take reasonable steps to destroy or permanently de-identify your personal information. Most personal information is or will be kept by us for a minimum of 7 years.

Access to your Personal Information

31. We will take reasonable steps to provide you with access to your personal information. For example, if your personal information has been provided to us on our website or social media pages, or if you have left comments, you can request an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

32. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.

33. We will take reasonable steps to correct your personal information if we are satisfied that it is inaccurate, out of date, incomplete, irrelevant or misleading. If we have provided your personal information to third parties, we will also notify them of the correction if you ask us to do so, unless it is impracticable or unlawful.

34. Requests to access and correct your information should be made by email, post or phone using the details provided on page 1 of this Policy. In order to protect your personal information, we will need to verify your identity before processing your request. We will endeavour to respond to your request within 30 days.

35. If we do not agree with your request to access or correct your information, we will provide you with written reasons for our decision and available complaint mechanisms.

Maintaining the Quality of your Personal Information

36. It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Policy Updates

This Policy may change from time to time and is available on our website.

This Policy was last updated on 19th December 2018.