Privacy

RAILS is the name we use in this Privacy Policy to describe ourselves (“we”/“us”). This privacy policy applies to RAILS and all the services we provide.

We collect, use and disclose personal information to perform our functions and activities. This includes providing legal assistance to our clients, providing updates about our activities and events and collecting donations. 

The kinds of personal information we collect from clients include:

• contact details (such as your name and address);
• information you provide to us when applying for legal assistance;
• information required to provide legal services to you;
• communications between us in relation to the matter; and
• sensitive information, which is a category of personal information that includes information about things like health, ethnic origin, political or religious beliefs, sexual preferences and genetic or biometric information.  We will only collect this kind of information from you with your consent (including if you give us consent to access records containing this information), so it is your choice whether or not to provide this information to us.

Sometimes our clients give us personal information of applicants and/or third parties. We only use that information to provide legal services to our clients.

We require you to provide “core” information needed for us to help you, such as your name, date of birth, one method of contact as well as the name and date of birth of any other parties involved. Without this information, we may not be able to represent you. It is optional for you to provide other “non-core” information. However, if you do not provide us with enough information about your matter, this may affect our ability to give you complete legal advice and assistance based on your individual circumstances.

We prefer to collect your personal information directly from you through our referral form, conversations (in person, or over the phone) or through other correspondence with you. 

Sometimes, we may collect your personal information from publicly available sources (such as your social media profiles) or from a third party if you have authorised it. For example, you may provide us with the contact details of a support worker (if they are happy for you to do so) and authorise us to speak to that support worker about you and your matter. You may also authorise us to collect information from third parties such as the Department of Home Affairs, police or health providers, persons who you want to provide supporting statements and court registries.

If you are making a referral to RAILS about someone else, you will need to get their consent to provide their personal information to us.

Personal information we collect from prospective and actual clients is used to:

• assess whether we are able to offer you legal assistance; and
• provide legal advice and assistance.

We de-identify the personal information of all clients in all external publications such as our annual reports, law reform submissions, contributions to legal and other publications promotional materials as well as the content of training and presentations.

We may use or disclose your personal information:

• where you have expressly or impliedly consented to the use or disclosure;
• in confidence, to other legal professionals assisting us to provide legal services to you, such as a barrister;
• in confidence, to our advisers and insurers including for regular audits;
• in confidence, to interpreters who assists us to communicate;
• in confidence, to third parties who provide services to us; and
• otherwise, where permitted by the Australian Solicitors Conduct Rules or required by law.

The categories of people that we may disclose your personal information to with your consent (which may be express or implied) are:

• to the Department of Home Affairs, the Administrative Appeals Tribunal and Federal Courts;
• experts providing advice to assist with your legal claim;
• your support workers, including health and social workers; and
• other legal and/or community services who may be able to provide you with further assistance.

We may also de-identify information about you, by removing details from information that make it possible to recognise you, and use the de-identified information for reporting and record-keeping purposes. 

We take all reasonable steps to ensure that your personal information is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure.

The personal information we collect is stored electronically in secure computer systems or in hard copy files. Our databases containing client information are password-protected. Our IT service providers host information in data centres in Australia.

For personal information of our clients, we are required by law to retain your personal information for a minimum of seven years after you have ceased your relationship with us. Subject to any requirement to retain information for a longer period of time, after such time has passed or if we otherwise determine that we no longer need information about you, we will securely destroy or de-identify your personal information. Hard copy files are stored securely and are shredded by Shred-X Secure Destruction when required to be destroyed. 

All RAILS employees and volunteers are required, as part of their service, to treat all client information held by RAILS as highly confidential.

You may request access to your personal information and ask us to correct it. We encourage all requests for access to your personal information to be directed to us by email admin@rails.org.au or by writing to the address below.

We will respond to all requests for access to personal information within a reasonable time of you making the request and give you access to your personal information in the manner requested, unless it is unreasonable or impracticable for us to do so.

Sometimes we will be able to respond to your query over the phone, but sometimes we may need your request in writing and we might need some time to gather the requested information and get back to you. We may need more time to respond to requests for a large amount of information, or information which is not currently in use.

In some cases, we may be unable to give you access to your personal information where we are permitted by law to refuse access. 

If we refuse to give you access we will provide you with reasons for our refusal in writing. If we refuse you access, you can make a complaint about this by following the procedures in this privacy policy.

We try to ensure that the information we hold about you is accurate, complete, relevant and up-to-date. Generally, if you request us to do so we will amend any personal information we hold about you which is inaccurate, incomplete, irrelevant or out-of-date.  Please help us to do this by letting us know if your details change or if we send you an email or letter that contains incorrect details.

If we are unable to correct your personal information, you may ask us to attach a statement to that information saying that the information is inaccurate, out-of-date, irrelevant or misleading, and we will take reasonable steps to associate this statement with your personal information.

If you would like more information about the way we manage personal information which we hold about you, or wish to make a complaint about how we have managed your personal information, please contact us:

• by email: admin@rails.org.au;
• by post: PO Box 5143 WEST END QLD 4101;
• by phone: (07) 3846 9300 or
• by fax: (07) 3844 3073.

We will try to respond to your enquiry as soon as possible.

We take any privacy complaint seriously and will deal with your complaint fairly and promptly. When we respond to you, we will let you know if there is an entity to whom you may escalate your complaint if you are not satisfied with our response or how we handled your complaint. 

We collect personal information from our volunteers and our supporters to whom we provide updates about our services and who donate to us. The kinds of personal information we collect may include:

• contact details (such as your name and address); and
• information provided to us when applying to be a volunteer (such as your career history and education details) or when making a donation.

If you would prefer to interact with us anonymously or using a name other than your own (a “pseudonym”), please let us know. If you do not provide us with certain personal information (such as your contact details), we may still be able to do certain things, like accepting donations. However, we may not be able to do other things, such as having you volunteer with us.

Personal information of our volunteers and supporters is generally collected directly from you. Sometimes it is collected from:

• your referee when you nominate that person to provide a reference for you; or
• an organisation that you have asked to provide your information to us, such as when you ask your university to nominate you to be a volunteer at RAILS.

Personal information we collect from prospective and actual volunteers and supporters is used to:

• process your donation to us;
• assess your application to be a volunteer with us;
• provide supervision to you as a volunteer; and
• contact you with updates about RAILS. You can contact us admin@rails.org.au at any time if you no longer wish to receive updates from us or from any of our services.

Please contact us if you have any questions about this category of personal information.

Our privacy policy is available on our website. From time to time, it may be necessary for us to review and revise our privacy policy.  We reserve the right to change our privacy policy at any time.

Our privacy policy was last updated in April 2019. By continuing to use our websites or otherwise continuing to deal with us, you accept this privacy policy as it applies from time to time.

We will post all updates to our privacy policy on our website www.rails.org.au.