privacy and data management policy

The purpose of this policy is to describe how indigo foundation will fulfil our obligations under the Privacy Act 1988. It explains why and how we collect and use personal information, the choices you can make about your personal information and what to do if you have a question, concern or complaint.

This policy relates to personal information that indigo foundation obtains from or about individuals interacting with indigo foundation, including through our website, social media, offline channels and third parties.

indigo foundation recognises the importance of protecting the privacy and rights of individuals in relation to their personal information. The integrity of your personal information is important to us and we are fully committed to protecting each individual’s right to privacy.

We are guided by the Australian Privacy Principles contained in the Privacy Act 1988 and we comply with the Act’s requirements in respect of the collection, management and disclosure of personal information.

Collection of information
indigo foundation regularly asks for information that helps us engage with the public. You can choose how much information you provide to us and you can change those details or access these details on request.

We will only collect and retain information by lawful and fair means. Where it is practicable and reasonable to do so, indigo foundation will only collect information directly from you – or your authorised representative. In general, we will not collect sensitive information and if we do so, it will only be with consent and as it relates to the activities of indigo foundation and our community partners.

When collecting personal information from you, we may collect in ways including: through your access and use of our website; when you sign up to receive newsletter or when you register to attend an indigo foundation event; during conversations between you and our representatives, and when you make a donation.

We may collect and hold the following information:

  • Personal details like name and date of birth
  • Contact details
  • Donation history
  • Payment information for donors
  • Ways in which you have supported of our work, for example, attending events or hosting a fundraiser
  • Information you provide to us through surveys or other means
  • Your communication preferences
  • In the case of members, membership fee history
  • In the case of people offering to volunteer for indigo foundation, CV, references, police reports and emergency contact details

Use and disclosure of information
We will only collect and retain information that is necessary to fulfil our mission – engaging with the public, raising awareness about and support for community partnerships and operations in Australia, managing our relationships with donors and other supporters.

indigo foundation will not use or disclose personal information about an individual for a purpose other than the primary purpose of collection.
This information we collect may be used to:

  • Process donations
  • Issue receipts, including tax-deductible receipts (under the Income tax assessment Act 1997)
  • Comply with internal audit procedures
  • Make contact for indigo foundation communications, such as newsletters and annual reports.
  • In the case of members, maintain our Membership register (under Corporations Act 2001)
  • In the case of prospective volunteers, enable the recruitment process
  • In the case of volunteers, contact nominated emergency contact people in the case of a health or security emergency whilst engaged in indigo foundation.

We occasionally require external suppliers to assist us in our activities, and may provide your information to them in order to achieve these – for example, printing a large number of letters to our supporters or seeking IT support with our database. Where this happens, we’ll ensure this is done securely and only for the purposes outlined above.

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy and Data Management Policy.

Data quality, access and correction
We will endeavour to ensure that personal information held by us is accurate, complete and up to date and we will take steps to ensure that information remains accurate, complete and up to date.

You have the right to request access and correct personal information we hold about you, subject to exceptions listed in the Privacy Act 1988. Where an individual makes a request for personal information, we will take reasonable steps to provide that information within 14 days.

Wherever it is lawful and practicable, individuals will have the option of requesting
anonymity, with the exception of donors who wish to receive tax receipts. We are committed to donor confidentiality and will only publicly identify donors with their advance knowledge and permission.

Data security
indigo foundation will take reasonable steps to protect the personal information it holds from misuse, loss or unauthorised access, modification or disclosure. We will take reasonable steps to destroy or permanently de-identify personal information that is no longer needed for any purpose.

We keep your personal information secure in our supporter database and access to this database is restricted to the General Manager, Chair, Financial Administrator and, beyond that, only where necessary and where that person has agreed to our Privacy Policy and signed the Confidentiality Agreement. Where we hold physical copies of your information, such as donation forms, these will be kept securely and destroyed if not needed.

Credit card details collected through the indigo foundation website are held securely by our third-party payment gateway Credit card details collected through crowd funding and events are held securely by third-party payment gateways, including and

indigo foundation does not have access to or store those details. Credit card details collected over the phone or in person are stored securely and able to be accessed only by the Financial Administrator and General Manager.

Overseas disclosure
In very limited circumstances, indigo foundation may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country in very limited circumstances, in compliance with our obligations under the Privacy Act 1988 and only as required by the nature of our work. Before transferring personal information overseas, indigo foundation will take measures to inform individuals of the reason for the transfer and the country or countries to which we are transferring personal information.

Examples of this are recruitment procedures for international fieldwork or supporting professional networking between contacts in Australia or overseas.

Personal information means information from which an individual’s identity is clear or can be reasonably ascertained. Information collected can include names, addresses, emails, phone numbers and payment details supplied to us (or to a third party that collects on our behalf) by an individual.

Sensitive information means personal information that could identify an individual along with additional information such as ethnic origin, religious beliefs or sexual orientation. A full list of what constitutes sensitive information is listed under the Privacy Act 1988.

The General Manager, in consultation with the Board and the Privacy Officer, is responsible for the administration, revision and application of this policy. This policy will be reviewed every three years and revised as needed, with the approval of the board.


indigo foundation is committed to working with individuals to obtain a fair resolution of any privacy concerns. If you have a question or complaint about how we manage your personal information, or would like to know more, contact us at or 0401 666 434 or alternatively write to indigo foundation’s Privacy Officer:

The Privacy Officer
PO Box 362
Figtree NSW 2525

You can read our complaints policy here and you can obtain further information about your privacy rights and privacy law from the Office of the Australian Information Commissioner by calling their hotline on 1300 363 992, visiting their website at or writing to:

The Australian Information Commissioner
GPO Box 5218
Sydney NSW 1042