Privacy policies can be long and full of legal jargon that is hard to understand.
Who is collecting your data?
This website is managed by Reset Australia. We are an independent policy and advocacy organisation set up to combat the digital threats to democracy.
What data do we collect about people and why?
This depends on what you want to do with us.
- If you read our website, or any website we set up, we collect as little information as we can about you. We have two necessary Cookies that keep our website safe. If you consent to one additional Cookie, we collect your internet addresses, information about what browser you are using, and if you came to us from a different website for example so we can know more about who looks at our website. More about these Cookies is below.
- If you join our mailing list, we collect your name, email address and postcode so we can keep in touch with you about our work. We only add you to our mailing list if you consent, and you can unsubscribe to our mailing list whenever you want.
- If you join a campaign or sign a petition, we may collect your name, email address, postal code, age range, gender and postal address so we can campaign better. We only add you to a campaign or petition if you consent.
- If you come to an event, we may collect your name, phone number, billing information and email address so we can give you a ticket. We only give you a ticket if you consent.
- If you have given us your social media handle, we will occasionally find you so we can show you posts. We only do this if you have consented, and you can ask us to stop at any time.
- If you donate money to us, we collect your name, email and postal address for our tax and accounting purposes. We may also retain your payment details if you want to have ongoing donations. We only do this if you consent.
What about website Cookies?
We use as few “Cookies” on our website as we can. At the moment, we use three Cookies:
- Strictly necessary Cloudflare cookies that protect our website. These are essential so you can not opt out
- Strictly necessary Django cookies that protect our website. These are essential so you can not opt out
- Matomo performance cookies that provide information about who looks at our website (for example what country people who look at our website live in, what pages they look at and how they found our website for example). We only use this if you consent
For some campaigns, we may use Facebook Pixel and/or Google Analytics to help us know who saw the campaign. We use these services as little as possible, and as carefully as we can. You can always opt out of these.
What about links to other websites?
Our website includes links to other websites. These may collect and use your data or have cookies too. You can find out more about how they collect and use their data by looking for their Privacy Policies on their websites.
Sadly, we cannot control how other websites or apps collect and use your data, so be careful.
How long do we keep personal data?
For as little time as we need to.
- For our website, we delete or anonymise almost all personal data collected through the website after 48 hours. Sometimes this may be longer, if we need to run tests, are having technical problems or our website is under attack. If this happens, we will delete personal data as soon as we can though
- For our mailing lists, campaigns, events and social media data, we hold onto this data until you tell us not to or it is no longer relevant
- For donations data, we keep your data for seven years to meet tax and accounting laws
What about sensitive data?
We try not to collect sensitive data, like information about your religion or politics and never through our website.
But sometimes we collect sensitive data as part of our campaigns or petitions, or if you tell us something as a ‘personal story’ or case study to share. When this happens, we only do so with consent and we make it as clear as we can what we will do with your data.
Do we keep data secure?
We try as hard as we can to keep your data safe. For example, we make sure that only people who need to can see your data, we encrypt data where we can, and train our staff.
Although we do our best to protect your data, please remember that data that is sent over the internet is at risk.
Who do we share personal data with?
We share your data with as few people as possible. We only do this where we need to.
At the moment we share data with MailChimp for our mailing list, Humanitix for our events and Cookies’ companies Matomo, Heroku and Cloudflare. We have agreements with them to protect your data and to follow Australia’s data protection laws.
Do we send personal data overseas?
Will we let people see, access, change or delete their data?
For sure. (Unless we need to keep it for legal reasons). Just email us at [email protected] and ask.
We’ll need to make sure it’s data about you first, so you may need to identify yourself.
When did we write this policy?
This policy was drafted on 30 October 2020 and is reviewed annually.
Who can be contacted to find out more, or ask to see, change or delete data?
Simple. Email our ‘Data Protection Controller’ at [email protected] or by mail at Suite 403, 418A Elizabeth St, Surry Hills NSW 2010
We have a right to be protected from illegal content. The limited types of content that are already illegal in democratic societies – such as hate speech, defamation, and incitement to violence – should be removed from the Internet. The duty to remove it rapidly should be assigned to major platform companies (who have the necessary resources, technologies and responsibility) with the close supervision of regular order judicial review and a transparent process, including a fast-track appeals process. Because of the risk of overreach and infringements on legitimate speech, this practice should be strictly limited.
We have a duty to shield the public from fraudulent media. Large digital media platforms should maintain responsive channels to receive input from users, civil society organizations, news organizations and commercial partners. In this way, fraudulent media channels, inauthentic accounts, and malicious disinformation can be flagged for review and down-ranked in algorithmic curation before they can go viral.
We have the right to know who is trying to influence our political views and how they are doing it. The purveyors of disinformation amplify false narratives through the opaque channels of targeted digital advertising and the amplification of bot networks. New regulations should mandate that all automated accounts are clearly labelled. And we should require that the source of an ad, the funding behind it, and the scope of its reach are explicit to the end-user.
We have a right to public oversight of the social impact of technologies that automate decisions in information markets that influence daily life. The technologies that mine large data sets to make predictive judgements, target advertising and curate digital media feeds are increasingly sophisticated forms of artificial intelligence. These technologies have the potential for enormous social impact – positive and negative – and should be subject to government review, including assessments of training data, design bias and discriminatory outcomes. These audits should mirror in form and function the health and safety inspections of conventional industries.
We have a right to data privacy. Mass collection of personal data feeds the algorithms that determine what kind of media content we will see and how often, facilitating the creation of filter bubbles that fracture our political cultures. Individuals have a right to control how data is used to shape their experiences. To counteract this phenomenon, we must tighten and enforce laws that give users more control over how data is collected, used, and monetized. In principle, the less data we provide, the less precisely we will be targeted, and the less likely we will be shunted by algorithms into media communities that reinforce false beliefs.
We have a duty to protect the public against the exploitation of concentrated market power. In the realm of digital media, this means we must seek to ensure that consumers have meaningful options to find, send and receive information over digital media. The rise of platform monopolies underscores the need to open markets to new competitors and products with policies such as data portability, restrictions on mergers, and access to essential services.
We have a duty to protect the integrity of our democracy from outside intervention. The recent attempts by foreign powers to use a combination of digital disinformation and cyber-attacks to influence electoral outcomes must be treated as a direct threat to democratic government. Political institutions – such as parties, campaigns and election administration – should be treated as critical infrastructure and afforded the same degree of cyber-security protection as the electrical grid and the water system.
We have a duty to educate the public about the social and political impact of new technologies. We are in the early stages of digital media’s rise to dominance of global information systems. The traditional standards and signals of source credibility have deteriorated along with the fragmentation of the market. As a society, we need to establish digital media literacy skills in our educational curricula. And we need to work with civil society groups and public service news organizations to generate broad public awareness about the problem of disinformation.
We have a duty to foster a robust public sphere and an informed electorate. The rise of disinformation as a disruptive phenomenon in democracy coincides with the declining commercial viability of public service journalism, even as the public’s need for it grows. We need public policies designed to reinvigorate journalism. These may include support for the modernization of public media channels or tax benefits for newsrooms that satisfy basic professional requirements.
What we process and why
In accordance with our guiding principles, we have followed a privacy-by-design and default approach in the design and build of our Website. The personal data we collect from individuals who visit our Website is limited to what is required to gather basic statistical information about the use of the Website and to assist in diagnosing technical problems and defending against attacks.
We gather the Internet protocol (IP) address of the computer accessing the site, the browser software and operating system that the computer uses; and the Internet address (URL) of the outside website from which the visitor came. We collect this information by using cookies and process this data on the basis of either our legitimate interests in operating the website or your consent depending on the type of cookie deployed. More information about cookies and how we use them is provided in the Tracking & cookies (link) section below.
We send out newsletters to keep our network informed of our work, including the campaigns we run. We collect your name, postcode and email address for this purpose. To sign up to our mailing list, we collect this information directly from you, on the basis of your consent. You can withdraw your consent at any time by unsubscribing to the mailing list through the link provided in our newsletters.
As part of our advocacy work, we run campaigns to engage and inform the public on the digital threats to democracy. As part of those campaigns we may set up campaign specific websites, deploy content to social media sites, organise petitions to be shared with key influencers or send out information packs.
We may collect your name, email address, postal code, age range, gender and postal address where required as part of running campaigns. In general, the legal basis for these activities will be your consent – for example, where you sign a petition or agree to be part of a campaign where we test content sharing settings on social media, we will collect the required information directly from you with your consent.
In some cases, we set up campaign and/or educational ‘microsites’ - websites dedicated to a particular campaign and/or issue. Generally, we use the WordPress platform to set up these sites, as it provides a simple and effective means of deploying a new website. Wordpress deploys cookies to measure unique views of a site, collecting visitors’ IP addresses to do so. Reset Australia does not have control over these cookies of how they are deployed.
When you sign up to attend an event, we will send you emails providing information about that event. We use the MailChimp platform to manage these emails on the basis of our legitimate interest in efficiently and effectively managing the email process.
Fundraising and memberships
Reset Australia is funded through a variety (largely philanthropic) of sources, with various reporting requirements. In line with our mission, vision and values we accept funding, support and donations from certain organisations and members of the public on the basis of their consent. We retain the name, email and postal address of those organisations and members of the public to maintain records for tax and accounting purposes in line with our legal obligations to retain this information. Where you provide your consent, we may also retain your payment details in order to facilitate ongoing payments – for example if you become a Reset Australia member. Where we process your data on the basis of your consent, you may withdraw this at any time by contacting our Data Protection Focal Point at [email protected].
Social media advertising
To keep supporters up to date with our campaigns, events, and other relevant information we may occasionally use the data that they have provided to us to ‘retarget’ them using social advertising platforms.
This involves uploading encrypted/hashed to the third party platform in order to create the audience.
In general, data will be retained for as long as is necessary to fulfil the purpose for which it was collected.
After 48 hours, we delete or anonymise all personal data collected through the website for technical purposes. Anonymisation is achieved through the aggregation of statistical data that prevents the re-identification of individual users.
On occasion, we may need to retain personal data for longer than 48 hours. This includes for the purposes of conducting tests, diagnosing technical problems and defending against attacks on our website. In these situations, we will delete personal data as soon as it is no longer required for the purpose for which it was collected.
Where data is collected on the basis of consent, we retain it until you withdraw your consent or otherwise when the data becomes no longer relevant for the purpose for which it was collected. Where data is retained in line with legal obligations on us it will be deleted at the end of the relevant period (seven years) for tax and accounting purposes.
We do not directly collect any sensitive data through our website – for example, details of your religious beliefs or political opinions.
In some specific circumstances such as for:
- Specific political campaigns/petitions
- Other human interest stories
We may collect sensitive data such as political opinions (i.e. voting intention for upcoming elections) and ‘personal stories’ with identifying information.
In these instances, the use and storage of this information will be clearly stipulated, and informed consent collected from users with the option to opt-out at any point in time. We will also make efforts to make information unidentifiable as possible in consultation with respective users. Additionally, separate release forms would often be drawn up depending on the level of sensitivity of the information.
All internet usage generates additional “metadata” that is collected and retained by internet service providers. This data can be accessed by law enforcement and intelligence agencies, who may extrapolate upon it to build up detailed “pictures” of specific individuals and communities. Individuals concerned about this kind of surveillance are encouraged to take measures to protect their privacy, for example by using the Tor browser or a VPN.
Tracking & cookies
The Reset Australia website uses “cookies” and other technical measures to monitor and protect the website against malicious traffic and to collect limited analytical data in order to understand how users engage with the information we provide.
In accordance with our guiding principles, the Reset Australia website honours “Do Not Track” requests and has limited the cookies it deploys to the following:
- Strictly necessary Cloudflare cookies to protect the Website against DDoS attacks
- Matomo performance cookies to provide Reset Australia with analytical information about the use of the website, which is only deployed with visitors’ consent (see further below)
- Strictly necessary Django cookies to facilitate user logins and protect the Website against attempts to inject malicious code into registration forms
For some specific projects or campaigns, we may use Facebook Pixel and/or Google Analytics to ensure appropriate monitoring and evaluation. As an organisation committed to digital rights, we are aware of the broader implications of using these services. As such they will only be used when critically essential for the project/campaign an for each potential instance of use, we commit to:
- Undertaking a risk assessment of using these services for that particular project and/or campaign
- Ensure that informed consent is collected
- Design clear and accessible mechanisms and/or features so that anyone can opt out at any time
Opting in and out of cookies
If you accepted the Matomo cookies, these will have been deployed with your consent, which provides a legal basis for the processing of the analytical data they collect about your use of the Website. If you declined the cookies, they will not have been deployed.
The Cloudflare and Django cookies perform essential Website security functions and as such it is not possible to opt-out.
Browser settings can also be used to manage cookie preferences. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences.
We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Policy. The technical and organisational measures to prevent unauthorised access to personal data include limiting staff and sub-processor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols and staff training.
Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception – for this reason, the transmission of any personal data to our websites or via email to us is therefore at the data subjects’ own risk.
Data sharing and subprocessors
We work with carefully selected third-party service providers who perform certain data processing tasks in order to maintain this Website. These third parties – MailChimp, Humanitix, Matomo, Heroku and Cloudflare - are engaged by Reset Australia on terms which ensure confidentiality and compliance with data protection laws.
International transfers of data
There will be no transfers of data internationally.
- The right to be informed as to whether Reset Australia holds data about them;
- The right of access to that information;
- The right to have inaccurate data corrected;
- The right to have their data deleted;
- The right to opt-out of particular data processing operations;
- The right to receive their data in a form that makes it “portable”;
- The right to object to data processing;
- The right to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate.
To make a subject access request or complaint related to the processing of your personal data contact [email protected] or write to:
418 A Elizabeth St
Surry Hills, NSW 2010
Changes and revisions
In the event of any changes or revisions made to this Policy, the date and nature of the change will be listed below.
Policy published 30 October 2020.