Privacy policy
This notice explains how Redkite (A.B.N 65 104 710 787) collect, store and use information about individuals (personal information). If you’re visiting us from the EU, you may have additional rights beyond our privacy notice. By continuing to use our website, you provide your consent to the terms of our Privacy Policy.
Scope of Policy and Source of Obligation
Redkite is committed to managing personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act), the 13 Australian Privacy Principles (APPs), and relevant state-based health privacy legislation, including:
Health Records and Information Privacy Act 2002 (NSW)
Health Records Act 2001 (Vic)
This policy explains how Redkite collects, uses, discloses, stores, and manages personal information. It also outlines how individuals can access and correct their personal information or make a complaint.
Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Sensitive Information: Includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, or criminal record.
Health Information: A type of sensitive information that includes information about an individual’s physical or mental health, disability, or use of health services.
Data Collective: A group of like-minded organisations that share limited personal information (excluding sensitive information) for marketing and fundraising purposes.
We may collect personal information in the course of our work from:
- Individuals receiving support services.
- Family members or carers.
- Donors and supporters.
- Contractors, service providers, job applicants, volunteers.
- Website users and event participants.
Types of information collected include, but are not limited to:
Personal Information
- Names, contact details, dates of birth.
- Emergency contact details.
- Employment and education history.
- Donation, payment details and/or bank account details.
- Photographic images, attendance records.
Sensitive Information
- Family information, cultural background, religious beliefs, criminal records.
- Court orders or legal information.
Health Information
- Medical history, disability information, immunisation records.
- Psychological reports, treatment stage, care plans, counselling notes.
Generally, we will seek consent from the individual in writing before we collect their sensitive
information (including health information).
We obtain consent before collecting sensitive or health information, except where permitted by law employment relations between Redkite and the employee.
Note: Employee records relating to current or former employment are generally exempt from the APPs, but may still be covered under state health privacy laws.
The collection of personal information depends on the circumstances in which Redkite is collecting it. If
it is reasonable and practical to do so, we collect personal information directly from the individual, or in
the case of minors from their parent/s or primary carer.
Solicited Information
When you visit our website, we request that you provide Personal Information about yourself and we
collect Navigational Information. However, you are free to explore our website without providing any
personal information about yourself, and you can disable the collection and use of your location data
through browser, operating system or device-level settings.
Redkite has, where possible, attempted to standardise the collection of personal information by using
specifically designed forms (e.g. an application form or Health Information Disclosure Form, subscribing
to our newsletter, signing up for an event etc). However, given the nature of our operations we also
receive personal information by email, letters, notes, via our website, over the telephone, in face-toface meetings, through financial transactions and through surveillance activities such as email
monitoring.
We also collect personal information from other people (e.g. a third-party service provider, referees for
prospective employees) or independent sources. However, we will only do so where it is not reasonable
and practical to collect the personal information from the individual directly.
Information collected from our website
We collect information based on how individuals use our website and social media. We use ‘’cookies’’
and other data collection methods to collect navigational information on website activity such as the
number of visitors, the number of pages viewed, your IP address, geographical location, browser type,
and, resources downloaded, length of visit and the internet advertisements which bring visitors to our
website. This information is collected to analyse and improve our website, marketing campaigns and to
record statistics on web traffic and to provide you with better support when you interact with Redkite.
We also use navigational information alone or in combination with personal information to provide you
with personalised information about Redkite.
Unsolicited information
Redkite may be provided with personal information without having sought it through our normal means
of collection. This is known as “unsolicited information” and is often collected by:
- Misdirected postal mail – Letters, Notes, Documents.
- Misdirected electronic mail – Emails, electronic messages.
- Employment applications sent to us that are not in response to an advertised vacancy.
- Additional information provided to us which was not requested.
Unsolicited information obtained by Redkite will only be held, used and or disclosed if it is considered as
personal information that could have been collected by normal means. If that unsolicited information
could not have been collected by normal means then we will destroy, permanently delete or de-identify
the personal information as appropriate. Complaints about individuals are considered to be unsolicited
information.
We collect personal information:
- Directly from individuals or their carers/parents.
- Via online forms, event registrations, surveys, emails, and phone calls.
- Through third parties (e.g. referees, contractors, health providers) where direct collection is not reasonable.
- From cookies and usage tracking on our website and social media.
Where it is not possible to obtain express consent for the collection of non-sensitive
information, consent may be implied if the person’s actions clearly indicate agreement.
Website, Cookies and Online Advertising
Our website collects navigational data (e.g. IP address, browser type, page views) via cookies. This helps us improve user experience and personalise content.
Third party vendors, such as Meta and Google, whose services we use, place these cookies and similar technologies on web browsers to help us tailor advertising that may be of interest to individuals based on past visits to our sites. We respect everyone’s privacy and are not collecting any identifiable information through these services.
User’s may disable cookies via their browser settings.
If we receive unsolicited personal information, we will assess whether it could have been collected through normal means. If not, we will destroy or de-identify the information securely.
We use personal information only for purposes that are:
Directly related to our work (primary purpose), or
Related secondary purposes that would be reasonably expected or with consent.
These include:
- Delivering and improving services.
- Communications (e.g. newsletters, updates).
- Marketing, fundraising and donor engagement.
- Employment, volunteer, and contractor management.
- Legal, regulatory and child protection obligations.
- Research and analysis (using de-identified data where practicable).
Third Parties and Data Collectives:
We may share limited personal information (excluding sensitive information) with like-minded organisations as part of data collectives. Individuals can opt out of this at any time without affecting their access to services.
We will not disclose sensitive or health information unless:
- Required by law.
- We have been given consent.
- There is a serious threat to health or safety.
- Other permitted general or health situations apply.
Our public website can contain links to other third-party websites outside of Redkite. Redkite is not responsible for the information stored, accessed, used or disclosed on such websites and we cannot comment on their privacy policies.
We may store or process information overseas, including with cloud service providers located in countries such as the USA, UK, Ireland, Singapore, Japan, China, and Germany.
We take reasonable steps to ensure overseas recipients:
- Are subject to privacy laws equivalent to the APPs, or
- Enter into contractual arrangements to protect the data, or
- Only access the data with the person’s consent or as otherwise permitted by law.
Children have rights under the Privacy Act. Generally, we obtain consent from a parent or guardian for children, but we may:
- Obtain direct consent from a mature minor, where appropriate.
- Deny parental access to information necessary to protect the child’s privacy or wellbeing.
We will not, knowingly, solicit donations from children without the consent of the child’s parent or guardian.
We store personal information in:
- Secure cloud-based systems.
- Databases.
- Locked physical files.
- Staff computers and devices (with access controls).
Security measures include:
- Access restrictions based on staff roles.
- Cybersecurity protocols and firewalls.
- Staff training and internal policies.
- Secure destruction or de-identification of obsolete data.
- Due diligence on third party service providers.
Anyone may:
- Request access to or correction of their information.
- Request access to, or correction of, their personal information by contacting our Privacy Officer. We will verify the person’s identity and respond within a reasonable time.
- Withdraw consent to certain uses.
- Opt-out of marketing communications or data collectives.
- Request deletion of their personal information. In some cases, we may not be able to delete the personal information. This could be because we are legally required to keep certain records – for example, for health, tax, or employment purposes, or because the information is needed to provide ongoing support.
If we cannot delete the information, we will explain why. Where possible, we may instead remove identification details (this is called de-identification).
If we deny a request, we will explain why. Anyone may request a statement to be attached to their record if they disagree with a correction or deletion decision.
Anyone may also request the Office of the Australian Information Commissioner (OAIC) to review our decision. See section 12 below ‘Making a Complaint’.
Redkite has procedures in place for responding to data breaches in line with the Notifiable Data Breaches Scheme.
If a breach occurs, we will:
- Assess and contain the breach.
- Notify affected individuals and the OAIC if required.
- Publish a notice on our website if direct contact is not possible.
To make a complaint about how we handle personal information, contact us in writing. If you are dissatisfied with our response, you may contact the OAIC at www.oaic.gov.au.
- Email: privacyofficer@redkite.org.au
- Mail: Privacy Officer, Level 3, 418a Elizabeth Street, Surry Hills NSW 2010
- Phone: 1800 REDKITE (1800 733 548)
Where practical, you may contact us anonymously or using a pseudonym, but this may limit the assistance we can provide.
To request deletion of your data, please email: privacyofficer@redkite.org.au
This policy is reviewed periodically and updated as needed. The most recent version is available at www.redkite.org.au.
This Privacy Policy was last updated: 9 September 2025
Request information And support
We’re ready to help. Please call us on 1800 REDKITE (Mon – Fri 9am – 7pm AEST), or fill out the form below.
