EOFY Appeal: Give before 30 June and claim your tax deduction

Contact Us
Donate

Privacy Policy

1 Background

This policy must be read in conjunction with the Code of Conduct Policy and all other issued policies.

This webpage last updated 16/06/2026.

2 Purpose & scope

Yalari Limited and its subsidiaries (Yalari) respects the privacy of Personal Information in our care and follows the Australian Privacy Principles (the APPs) under the Privacy Act 1988 (Cth) (the Act) and other relevant laws.

The APPs are used to govern how Yalari handles Personal, Sensitive and Health Information (PSHI).

This policy applies to Personal, Sensitive and Health Information (PSHI) relating to, but not limited to, students, donors, clients, volunteers, contractors, consultants, job applicants and members.

This policy sets out how Yalari collects, uses, discloses, stores, secures, and provides access to PSHI.

3 Definitions

Personal Information

Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. (Names, email address, residential address and telephone numbers are examples of Personal Information).

Sensitive Information

Information or an opinion about an individual’s racial or ethnic origin, political opinions, philosophical or religious beliefs or affiliations, membership of a political association, trade or professional association or trade association, membership of a trade union, sexual preferences or practices, or criminal record. This information is also Personal Information, or Health Information, about individuals, or genetic information about an individual that is not otherwise Health Information. (Sexual preference, Mob, language group, religious beliefs and political association are examples of Sensitive Information).

Health Information

Information or an opinion about the health or a disability (at any time) of an individual, an individual’s expressed wishes about the future provision of health services to him or her, or a health service provided/or to be provided to an individual. This also includes Personal Information, other Personal Information collected to provide (or in providing) a health service, other Personal Information about an individual collected in connection with the donation (or intended donation) by the individual of his or her body parts, organs, or body substances, or genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual. (Medication, immunisation records, medical history, physical and emotional and mental health information are examples of Health Information).

Overseas Recipient

A person who receives personal information from an APP entity that is not in Australia nor an external Territory, not the APP entity disclosing the personal information, and not the individual to whom the personal information relates.

Employee Records Exemption

Under the Privacy Act, this provision exempts private sector employers from having to comply with the Privacy Act when handling an employee’s personal information for a purpose directly related to the employment relationship. However, if a private sector employer handles personal information that is not directly related to the employment relationship, the exemption will not apply and the Privacy Act will.

4 Types of information collected

4.1 Personal Information

The types of Personal Information Yalari collects may include:

  • identifying information such as your name, date of birth and gender;
  • contact information such as your address, telephone number and email address;
  • financial information including your bank account or credit card details when you donate to us;
  • records of your interactions and communications with Yalari; and
  • information about how you use the services that we provide you.

This list is not exhaustive. Yalari may collect Personal Information if necessary and with your consent. We may not be able to provide our services to you without your Personal Information. Where you provide Personal Information about someone else, you must have their consent to provide their Personal Information to us based on this Privacy Policy.

Personal Information may be solicited by us or collected from a number of different persons including, but not limited to, students, prospective students, donors, sponsors, clients, contractors, employees, prospective employees, and service providers.

4.2 Sensitive Information

In certain circumstances Yalari may collect Sensitive Information, including Health Information. Yalari will not collect Sensitive Information unless reasonably necessary for one or more of its functions and will seek your consent prior to collecting or storing your Sensitive Information. We will tell you when we collect this type of information.

5 Collection & storage of personal information

Yalari may collect information in relation to your interactions with us. However, Yalari will only collect Personal Information reasonably necessary to deliver our services and conduct the business activities that support this.

The collection of Personal Information may include Yalari collecting information from third parties, including public sources, information service providers or anyone with authority to act on a person’s behalf, such as parents or guardians.

Yalari may collect your personal information in the following ways:

  • when you fill out electronic forms (such as donor or sponsorship information);
  • when you fill out hard copy forms (such as application forms);
  • when you directly provide it to us during face-to-face contact (such as an interview), over the phone or by email;
  • when someone makes a donation on your behalf, and asks that you receive information about their gift, then we will collect the personal information they provide about you;
  • from public sources;
  • through third parties who are entitled to disclose that information to us (such as through parents or guardians, information service providers, partner schools, workplace-giving arrangements, doctors or nurses).

Yalari will aim to only collect Personal Information from you personally unless it is impracticable to do so. In this instance, Yalari will only collect Personal Information about you from someone else if your consent has been given or if we are required or authorised by law to collect such information.

If a person does not provide Yalari with the Personal Information that Yalari needs, then some or all of the following may occur:

  • we may not be able to provide services to that person;
  • we may not be able to consider that person’s application to join us as an employee, contractor or volunteer;
  • we may not be able to consider that person’s scholarship application; and
  • we may not be able to respond to that person’s requests for information.

5.1 Donors and sponsors

Personal Information may be collected from donors and sponsors through a number of channels.

  • If you make a donation to Yalari via our website, you will be directed to a third-party provider (eg. PayPal).
  • If you donate to Yalari over the phone, we record your Personal Information (including, but not limited to, your name and credit card information). This information is handled in accordance with the PCI DSS requirements.

Yalari only records Personal Information which is provided by you (including, but not limited to, your name, residential address, and email address which you provide). This Personal Information is then stored in a secure database and only used in connection with the primary purpose for which it was collected (ie. donations).

6 Use & disclosure of personal information

6.1 General

Yalari uses Personal Information for the following purposes:

  • carrying out or responding to your requests;
  • processing or seeking donations;
  • registration or administration related to the application process;
  • verifying your identity when you are dealing with us;
  • to enable us to provide our services;
  • improving our services;
  • contacting you with promotional information about Yalari or our services, unless prohibited to by law or you ask us not to;
  • obtaining your services;
  • reporting on our activities;
  • providing it to government agencies, eg. Centrelink, as necessary for the processing of scholarships; and
  • any purpose outlined to you at the time you provide the information.

We may not be able to do things necessary to perform our functions without your Personal Information. For example, we may not be able to send you correspondence, issue receipts, contact you about your application or a scholarship, or communicate with you about your volunteer role without your Personal Information, such as your name and address.

Many of our tasks are performed with the assistance of our employees, contractors and volunteers and we may share your Personal Information with them. We may also provide your Personal Information to health service providers or partner schools where appropriate, or with other service providers who assist us with archival, auditing, accounting, data processing, legal, business consulting, banking, marketing, research, website, or technology services.

We may otherwise use or disclose your Personal Information where required or authorised by law and which may include emergency situations and assisting law enforcement agencies.

6.2 Direct Marketing

Yalari uses Personal Information to provide goods and services and we may use Personal Information to inform others of the activities and opportunities of Yalari through newsletters, event reminders, fundraising activities, event management, scholarship program and social media. Yalari will never release or sell the database for commercial means. All such communications will provide an option to opt out or unsubscribe.

6.3 Disclosure of Personal Information to overseas recipients

Yalari will not disclose your Personal Information to any overseas recipients. However, Yalari uses Microsoft Services which stores data in Melbourne and Sydney, and may transfer data overseas to the United States. Yalari takes reasonable steps to ensure that these overseas recipients do not breach the APP’s and notes that these recipients are subject to substantially similar privacy laws to those in Australia.

7 Digital information collected on websites

Information collected on the Yalari website is known as aggregate information. This informs us of when people access our website. We may collect Personal Information about you in the form of your IP address and domain name.

Our website uses cookies, which do not identify you personally, but they may link back to a database record about you. Cookies are small text files created and stored on your hard drive by your internet browser software, to hold relevant information about the web page you are currently viewing. We use cookies to monitor usage of our website, to create a personal record of when you visit our website and to identify what pages you view so that we may communicate with, or serve, you more effectively.

The main purpose of cookies is to identify users and to prepare customised web pages for them. You can adjust your internet browser to disable cookies, please refer to your browser help menu to find out how to do this. While you will still be able to browse our website with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly.

Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and who are not subject to our privacy policies and procedures. We encourage our website users to be aware when they leave our site and to read the privacy statements or policies of other websites that collect Personal Information.

8 Storage and security of personal information

Yalari places a great importance on the security of all information associated with students, prospective students, donors, sponsors, clients, contractors, volunteers, employees, prospective employees, and service providers. We take reasonable steps to ensure your Personal Information is protected from unauthorised access, modification, disclosure, misuse, interference, or loss of Personal Information under our control.

We hold Personal Information electronically and in hard copy, both at our premises and off-site with the assistance of our IT service provider. Personal, Sensitive and Health Information (PSHI) may be held by Yalari in an electronic secure database or, where retention of hard copy documents is required, in secure filing systems. Only authorised personnel are provided with access to your Personal Information.

Yalari will only keep Personal Information for as long as it is necessary to fulfil its business needs or legal requirements. Where Personal Information is no longer required by Yalari, or where required by law, Yalari will take reasonable steps to securely destroy or de-identify information in accordance with the legal requirements for retention and disposal.

9 Access to and correction of personal information

9.1 Access to Personal Information

You may request access to your Personal Information held by Yalari (subject to some exceptions under the Act, such as the “Employee Records Exemption”). Any request for access must be made in writing (using the contact details in section 13 of this Privacy Policy). Yalari will respond to your request within a reasonable period and in accordance with the APPs.

Yalari may charge a reasonable fee for providing you with access to your Personal Information. If Yalari refuses to give you access to your Personal Information, Yalari will provide you with reasons as to why this is the case, except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so.

If Yalari denies you access to your Personal Information, it will also provide you with further steps you can take in relation to the matter.

9.2 Quality and Correction of Personal Information

Yalari will take reasonable steps to ensure that any Personal Information Yalari uses or discloses is complete, accurate and up-to-date. If, upon receiving access to your Personal Information or at any other time, you believe that the Personal Information we hold about you is inaccurate, incomplete, or outdated, please notify us immediately.

Corrections or updates of Personal Information must be made by you or by your authorised representative. If Yalari is satisfied that the information is incorrect, inaccurate, out-of-date, incomplete, irrelevant, or misleading, we will take reasonable steps to correct the information. If Yalari refuses to alter the information, we will provide you with reasons why this is the case and include a statement about the disputed facts on your file.

10 Unsolicited personal information

Yalari may, in some instances, acquire or receive unsolicited Personal Information about you in the course of its functions and activities. In such instances, and within a reasonable period, we will take reasonable steps to inform you that we have received your information.

If Yalari could not have legally collected the Personal Information by soliciting it from you, Yalari will destroy the information or ensure that the information is deidentified.

11 Mandatory breach notification requirement

The Privacy Amendment (Notifiable Breaches) Act 2017 established the Notifiable Data Breach (NDB) Scheme in Australia (effective 22 February 2018). The Privacy Act (through the NDB scheme) requires certain entities, including not-for-profit organisations, to notify individuals and the Privacy Commissioner of data breaches that are likely to cause serious harm.

If a data breach is identified or reported to Yalari, it must be immediately reported to the Yalari Privacy Officer. The Privacy Officer must then establish whether the data breach is an “eligible data breach” within the NDB Scheme.

The breach will be an eligible data breach if the following three criteria are satisfied:

  • There has been an unauthorised access or disclosure, or loss of Personal Information that Yalari holds;
  • It is likely to result in serious harm to one or more individuals (an objective assessment from the perspective of a reasonable person in Yalari’s position); and
  • Yalari has been unable to stop the risk of serious harm with corrective action.

12 How to make a privacy complaint

You can contact the Yalari Privacy Officer (using the contact details in section 13 of this Privacy Policy) if you have any concerns about how we have handled your Personal Information.

We will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concern, and we may need to engage or consult with other parties to investigate and deal with your issue. We will keep records of your request and any resolution.

If you are not satisfied with the manner in which we have dealt with your complaint, you may contact the Office of the Australian Information Commissioner.

13 Contact details

If you have any queries about our Privacy Policy or the way we handle your Personal Information, please contact the Privacy Officer at the Yalari office:

For information about privacy generally, or if your concerns are not resolved to your satisfaction, you may contact:

Yalari may update and improve this policy from time to time to reflect changes to legislation or internal process improvements. All policies of Yalari Limited do not replace legislation and, if any part of these policies are in conflict, then legislation takes precedence. An up-to-date copy of this policy will be maintained on the Yalari website.

Office of the Australian Information Commissioner
www.oaic.gov.au
1300 363 992
enquiries@oaic.gov.au

Privacy Officer:
Nicky Lavendar, Chief Financial Officer and Company Secretary
Yalari Limited
PO Box 1355, Oxenford QLD 4210
Telephone: (07) 5665-8688
Email: privacy@yalari.org

Contact Us

Partnership opportunities

Interested in getting involved in Yalari’s Adelaide Gala Dinner? Browse different partnership opportunities below.

View more
Express your interest in upcoming Yalari events
Acknowledgement of Country

Yalari respects our Elders, past and present, and acknowledges that our office is on Kombumerri country within the lands of the Yugambeh language group.