Privacy Policy

Privacy Policy

Introduction This Privacy Policy explains how CuriousWorks handles your personal information and data. It is based on the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), which regulate the manner in which personal information is handled throughout its life cycle – from collection to use and disclosure, storage, accessibility and disposal.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at

This Policy may change from time to time and is available on our website.

What is Personal Information and how do we collect it?
Personal Information means any information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information. Personal Information is generally collected from the individual directly.

CuriousWorks collects Personal Information in many ways including:

  • When individuals correspond with us (including by letter, email or phone);
  • Through our websites (including when an individual chooses to make a donation through CuriousWorks website or subscribes electronically to our newsletter mailing list);
  • In person.
What Personal information do we collect? The kind of personal information that CuriousWorks collects about individuals depends on the type of dealings they have with CuriousWorks. For example, if a person:

  • Donates money to CuriousWorks. CuriousWorks collect their name, organisation, contact details, the amount and frequency of their donation, and hold records relating to their donation, including payment and billing information.
  • Registers for CuriousWorks newsletters and exclusive offers. CuriousWorks may collect their name, organisation, contact details and details about the registration.
  • Sends CuriousWorks an enquiry. CuriousWorks may collect their name, contact details and nature of the enquiry.
  • Visits CuriousWorks website. CuriousWorks will use cookies – see further details below – and may use tools to track visits, including how individuals arrive at the website and which pages they view.
  • Makes a complaint. CuriousWorks may collect their name, contact details, the details of their complaint, information collected in any investigation of the matter and details of the resolution of the complaint.
  • Applies for a job or volunteer role at CuriousWorks. CuriousWorks may collect the information individuals included in their application, including their cover letter, resume/ CV, contact details and referee reports, their tax file number and other identifiers used by government entities or other organisations to identify individuals, information from police checks, working with children checks (or similar), and information about their right to work in Australia.
If an individual does not wish to provide their personal information to CuriousWorks, in general, it will not be possible for CuriousWorks to deal with an individual in this way. The exceptions being individuals not identifying themselves or using a pseudonym when:

  • dealing with CuriousWorks (when viewing the CuriousWorks website or when making a general phone enquiry); and/or
  • donating money to CuriousWorks but in these circumstances, CuriousWorks may not be able to issue a tax-deductible receipt.
Sensitive Information ‘Sensitive information’ is a subset of personal information and means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information, including “sensitive information” as defined in the Privacy Act 1988 (Cth).

CuriousWorks must only collect sensitive information where it is reasonably necessary for its functions or activities. Sensitive information will be used by us only:
  • For the primary purpose for which it was obtained
  • For a secondary purpose that is directly related to the primary purpose
  • With your consent; or where required or authorised by law.
Third Parties Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances it may be necessary to collect Personal Information from Third Parties.

For example, we may collect personal information when an individual makes a donation to us. We may also collect personal information from use of our websites and information individuals provide to us through contact mailboxes or through the registration process on our website or Facebook. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information.

Why We Collect Personal Information
The main purposes for which CuriousWorks collects, holds, uses and discloses personal information include:
  • to request donations of financial gifts;
  • to respond to enquiries;
  • to maintain contact with our volunteers;
  • for administrative purposes;
  • for the engagement of service providers, contractors or suppliers relating to the operation of our organisation; or
  • for other organisational purposes.
CuriousWorks may also use your personal information for the purpose of emailing you our newsletters or posting you a thank-you note.

If you make a donation of money we may add you to our email, so that you receive updates and reports on the impact of your giving and other opportunities to support our cause. We may also use your personal information to send direct marketing emails.

If you do not wish to receive any communication from us, please contact us at You may opt out from our mailing lists at any time by using the unsubscribe function.

Disclosure of Personal Information
Your Personal Information may be disclosed in a number of circumstances including the following:
  • Third parties where you consent to the use or disclosure; and
  • Where required or authorised by law.
CuriousWorks uses a number of service providers to handle specific types of data that we collect. Some of these service providers are located outside Australia and use servers outside Australia / in the cloud, including Facebook and Google, which are both based in the United States. If CuriousWorks transfers information overseas for other purposes, it will only do so with the consent of the individuals or otherwise in accordance with law.

Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

While CuriousWorks will endeavour to always exercise due care in collecting and using personal information, it cannot guarantee that unauthorised access to individuals’ personal information will not occur. In the event of a data breach or privacy incident, CuriousWorks will follow best practice processes and ensure that the breach is contained and remedied and any policies and processes are updated if necessary.

CuriousWorks takes the following steps to secure the personal information that it collects:
  • website protection measures (including encryption, firewalls and anti-virus software);
  • security restrictions on computers (including login and password protection);
  • operational processes aimed at minimising the risk of a data breach (including a clean desk policy, shred all policy, secure cabinets for hard copy documents, encrypted USBs etc…)
  • controlled access to CuriousWorks premises; and
  • related policies on data governance and processes relating to information security (including restricting the use of personal information to CuriousWorks employees).
What steps does CuriousWorks take when there is a data breach or privacy incident?
A data breach or privacy incident may result from unauthorised people accessing/ disclosing, changing, losing or destroying personal information. Examples of situations where a data breach or privacy incident may occur include:
  • accidental download of a virus on to a CuriousWorks computer
  • discussing or sharing of personal information on Facebook
  • non-secure disposal of hard copies of personal information (e.g. not keeping hard copies in secure cabinets or not disposing of them in a secure bin/ shredder)
  • eaving an unlocked smartphone on public transport.
A data breach or privacy incident can occur due to human error or technical failures, can be accidental or deliberate and can apply to information in a number of forms (e.g. electronic as well as hard copy).

In the event of a data breach or privacy incident, CuriousWorks will respond in the following way which is in line with the Notifiable Data Breaches Scheme in the Privacy Act 1988 (Cth):
  • the breach/ incident will be identified and reported to the Privacy Officer(s) at CuriousWorks;
  • the breach/ incident will be contained so further access/ disclosure/ loss etc will not arise;
  • the seriousness of the breach/ incident will be assessed between the relevant personnel together with the Privacy Officer(s) at CuriousWorks;
  • regardless of the seriousness of the breach/ incident, remedial action will be taken to reduce any potential harm to individuals;
  • in cases where serious harm is likely, CuriousWorks will notify the relevant individuals, the OAIC, and issue a public statement that will be made available on it website;
  • following each breach/ incident, CuriousWorks will conduct a review of policies and processes and make any adjustments to avoid further breach/ incident of a similar nature.
The Use of Cookies and Web Analytics
CuriousWorks uses cookies and web analytics to assist it with its core operations.

Cookies: “Cookies” (i.e. small text files placed on your computer when you first visit the site) are used on CuriousWorks websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. Cookies are primarily used to enhance your online experience. If you visit our websites to read or download information, such as news stories or articles, much of the information we do collect is statistical only (e.g., the domain from which you access the internet, the date and time you access our site, and the internet address of the website from which you linked directly to our site) and not personally identifiable. We use this information about the number of visitors and their use of the sites in aggregate form to make our sites more useful and attractive to you.

Google Analytics and Meta Pixel (previously Facebook Pixel): CuriousWorks uses these tools on its website and social media pages to track the effectiveness of its content. These tools allow us to provide measurement services and target content.

Access and Correction to your Personal Information It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. If you wish to have your personal information deleted, please contact us and we will delete that information wherever practicable.

You can obtain further information about how to request access or changes to the information we hold about you by contacting us (see contact details below).

Privacy Policy Complaints and Enquiries If you would like to find out more about our Privacy Policy or the personal information we have collected about you, or if you would like to make a complaint, please contact us by:

Mail: PO BOX 112, Liverpool, NSW 1871, Australia
Phone: 02 9602 9568