Plain English Foundation Pty Ltd (ABN 57 099 330 775), trading as Plain English Foundation, provides training, editing, evaluation and document design services.
We understand the importance of information security and protecting privacy your personal information. We adhere to privacy principles both by design and by default.
To demonstrate that we comply with the latest regulations, we continually seek improvement through our information security and privacy management system.
We have conducted a risk assessment of how personal data is processed. And we have implemented measures to ensure your data is:
If you want to find out what security measure we have in place, you can ask us for Data Protection Agreement. See section 16.
Our commitment to continuous improvement is demonstrated through our risk assessment and treatment process and our incident management procedures. These processes cover our privacy practices and how we manage personally identifiable information (PII).
We take a continuous improvement approach to providing, managing and improving our products and services from a privacy perspective. This includes activities such as developing new products, conducting surveys, seeking your feedback, and responding to requests or queries, which may include verifying your identity.
In this policy, ‘personal information’ has the same meaning as in the Privacy Act. Personal information is any information that can be used to personally identify you, including your name, address, phone number, email address and profession or occupation.
We collect personal information only to carry out our business, deliver our products and services and improve customer service. The type of personal information we collect depends on how you interact with us. Typically, we collect your:
We do not normally collect sensitive information about you such as information about your health, racial background, religious or political beliefs or date of birth. If we do collect sensitive information, we will obtain your consent first, and will only do so if it is reasonably necessary for our business functions.
If you do not agree to provide us with your personal information, we may not be able to provide services to you or your organisation.
We may collect personal information from you during normal service delivery, such as when:
We collect personal information either directly from you, from someone else at your company or organisation, or from a third party who is authorised to provide your details to us. If we obtain your information from a third party, we will ask them to confirm in writing that they have legally obtained your personal information and that we have the right to acquire it from them and use it.
We collect, hold, use and disclose personal information to conduct administrative and business functions, including:
We will only collect information we need to conduct our business and maintain our relationship with you or your business. We will not share, sell, rent or disclose your personal information other than as described in this policy.
We may disclose your personal information to our employees and related companies for the purposes set out in section 6. We may combine or share your information with information collected by the other companies.
We may also disclose your personal information to:
Except as set out above, we will only disclose personal information if it is required by law or a court or tribunal order or is otherwise permitted under the Privacy Act.
We may disclose your personal information to service providers outside Australia, including in the United Kingdom, United States of America, Singapore and the Netherlands for some of the purposes set out in section 6. We will contractually ensure that overseas recipients of your personal information protect your personal information at a level that is equivalent to the APPs.
We store personal information to ensure that we can manage and maintain communications with organisations we do business with. Contact may be verbal, electronic or written.
We will only store your personal information if it is relevant to conducting business with you. We do not normally store information that is sensitive information.
We take all reasonable precautions to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure. To do this, we use a combination of physical, administrative and technical safeguards.
Our staff are contractually bound by confidentiality obligations. And we hold your personal information in either:
When we collect PII, it is stored in our backup files for 28 days. We retain these files so that we can restore our systems if we our servers fail.
Our website is linked to the internet, and as the internet is inherently insecure, we cannot provide any assurance about the security of the information you transmit to us online. We also cannot guarantee that the information you supply will not be intercepted as it is being transmitted. Accordingly, if you transmit any personal or other information to us online, you do so at your own risk.
If your personal information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except where we are required by law or a court or tribunal order to keep the information.
We may send you marketing communications to tell you about:
We may send communications in various forms, including SMS and email, in line with relevant laws, such as the Spam Act 2003. You consent to us sending you communications by those methods. If you tell us you prefer a certain method of communication, we will take reasonable steps to use that method whenever it is practical to do so.
If you do not want to receive communications from us, you can opt out. You can either:
We will then remove your name from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
We will take all reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete.
At any time, you can ask to access your personal information. You can also ask us to correct your personal information if it is inaccurate, incomplete or out of date.
We will meet your request where it is reasonable and practicable to do so. However, we may deny access as permitted by the Privacy Act. For example, we may need to refuse access if doing so would interfere with others’ privacy, is unlawful or would result in a breach of confidentiality.
If you wish to access or correct your personal information, write to our Data Protection Officer using the contact details in section 16 or use the contact form on our website.
Our Data Protection Officer will respond to you within 30 days of your request. If we deny your request, we will provide you with our reasons in writing. We will also tell you how you can complain about our refusal.
If you have concerns about how we handle your personal information or you wish to make a complaint about a breach of the APPs, you can write to the Data Protection Officer, using the contact details set out in section 16.
The Data Protection Officer will respond to you in writing within 30 days of receiving your complaint. They will either describe what we will do as a result of your complaint or, if there has been no breach, they will explain this to you.
When you access our website, we may send cookies to your computer. Cookies are small summary files containing a unique ID number.
If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
Any activity you do on our website may be monitored. We may log your IP address (the electronic address of computers connected to the internet) to:
Our website may contain links to other websites operated by third parties. We make no representations or warranties about their privacy practices, and we are not responsible for their privacy policies or the content of any third party website.
You may withdraw your consent at any time by contacting us using the details in section 16. We may ask you to put your request in writing and provide proof of identity, depending on the data you’re withdrawing consent for.
If the GDPR applies to your personal information, read about your rights here.
Phone: 1300 691 885
Mail: Data Protection Officer, Plain English Foundation, PO Box Q194, Queen Victoria Building NSW 1230.