Privacy & Data Protection Policy

1. Introduction

Our Ocean School Ltd (OOS) respects the privacy of individuals whose personal information it collects, holds or administers in the course of its operations. OOS is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) (including the Australian Privacy Principles), and relevant constitutional purposes set out in the OOS Constitution (such as governance, accountability and transparency).

This policy sets out how OOS manages, protects and uses personal information, and the rights of individuals in relation to their personal data.

2. Scope

This policy applies to:

  • OOS Board members, staff, volunteers and contractors;
  • Individuals and organisations whose personal information is collected by OOS;
  • Third parties entrusted with the handling or processing of OOS personal data.

3. Definitions

Personal Information
Information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of how the information is collected or stored.

Sensitive Information
A subset of personal information that includes details such as health, racial or ethnic origin, religious beliefs, sexual orientation and other personal characteristics that receive higher protection under the Privacy Act.

Data Protection
Security measures (physical, administrative and technological) implemented to safeguard personal information against misuse, interference, loss, unauthorised access, modification or disclosure.

De-identification
The process of removing or altering information so that it can no longer be used to identify an individual.

4. Policy Principles

4.1 Lawful and Fair Collection

OOS will only collect personal information that is necessary for its functions, which may include:

  • Processing donations, sponsorships, grants and financial transactions;
  • Maintaining supporter, member, volunteer and partner records;
  • Communicating with stakeholders about OOS activities;
  • Fulfilling legal, regulatory and compliance obligations.

Where reasonable and practicable, OOS will collect personal information from the individual directly.

4.2 Consent and Notice

Before or at the time of collection, OOS will (where required) inform individuals about:

  • The purpose for which their personal information is being collected;
  • The main consequences (if any) of not providing the information;
  • How their information will be used, stored and disclosed.


Consent will be obtained where required by law or best practice.

4.3 Use and Disclosure

OOS will use personal information only for the primary purpose for which it was collected or a directly related secondary purpose that the individual would reasonably expect. OOS will not use or disclose personal information for unrelated purposes without consent, unless permitted or required by law.

OOS may disclose personal information to third-party service providers (such as IT hosting, financial processing, or marketing platforms) who assist OOS in its operations, provided they are bound by similar privacy obligations.

4.4 Data Quality & Security

OOS will take reasonable steps to:

  • Ensure personal information is accurate, complete and up to date;
  • Protect personal information from misuse, interference, loss and unauthorised access, including through physical, electronic and managerial safeguards (e.g. secure servers, password protection and access controls).

Service providers and cloud hosts used by OOS will be reviewed for compliance with privacy obligations.

4.5 Storage & Retention

Personal information will be retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Secure methods will be used for disposal or de-identification when records are no longer needed.

5. Website & Online Data (Cookies)

OOS may use cookies or similar online tracking tools on its website and digital platforms to:

  • Improve user experience;
  • Analyse trends and usage patterns;
  • Gather non-identifiable information (e.g. page views).

Cookies generally do not enable direct personal identification. Individuals may configure their browser settings to refuse cookies, but this may affect site functionality.

6. Rights of Access, Correction & Removal

Individuals whose personal information is held by OOS have the right to:

  • Request access to their personal information;
  • Request correction of information that is inaccurate, out of date or incomplete;
  • Request removal of their details from OOS databases, subject to legal or contractual constraints.

Requests should be made in writing to OOS’s Privacy Officer.
OOS aims to respond to all requests for access or correction within 30 days.

7. Data Breaches

OOS will respond promptly to any data breach incident. If a breach is likely to result in serious harm, OOS will notify affected individuals and, where required, the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act.

OOS will maintain an internal Data Breach Register to document all incidents, responses, and remedial actions taken.

8. Child and Sensitive Information

OOS will exercise additional care when handling sensitive information, including data relating to children or vulnerable persons. Personal data of minors will only be collected with express consent of a parent or guardian and used for appropriate, lawful purposes.

9. Complaints Handling

Individuals who believe their privacy rights have been breached may lodge a complaint with OOS. OOS will investigate and respond in accordance with its Complaints Handling Policy, and as required by law.

If an individual remains dissatisfied, they may escalate the complaint to the OAIC.

10. Training & Awareness

OOS will ensure relevant personnel receive appropriate training on privacy protection, data security and obligations under the Privacy Act.

11. Responsibilities

  • Board of Directors: Oversight and approval of this policy.
  • CEO/Executive: Implementation and compliance.
  • All Personnel: Adherence to policy requirements.

12. Review

This policy will be reviewed at least every two years, or sooner if legislative or operational changes require
