Data Privacy Policy

Reset Australia (“Reset Australia”, “we”, “us”, “our”) is an independent non-partisan research and advocacy organisation working to drive awareness and solutions to the digital threats to democracy.

This Privacy Policy (“Policy”) outlines the personal data processing we undertake in connection with the Reset Australia website and specific campaign websites managed by Reset Australia. This Policy does not address our other personal data processing operations.

Additional policies and procedures addressing these processes are in place and we provide relevant information to data subjects at the point of data collection, or subsequently, as required by law. This Policy is subject to annual review. Subsequent updates and amendments will be documented below and communicated to data subjects where required.

Data controller

The data controller for data collected and processing in accordance with this policy is Reset Australia.

Reset Australia is an independent registered charity (ABN: 87636477177) with the Australian Charities and Not-for-profits Commission (ACNC) and is governed by a Board of Directors.

Any questions regarding this Policy or any other data protection issue related to Reset Australia should be submitted to our Data Protection Focal Point via email to [email protected] or by post to Suite 403, 418A Elizabeth St, Surry Hills NSW 2010.

Our Principles

Remove

We have a right to be protected from illegal content. The limited types of content that are already illegal in democratic societies – such as hate speech, defamation, and incitement to violence – should be removed from the Internet. The duty to remove it rapidly should be assigned to major platform companies (who have the necessary resources, technologies and responsibility) with the close supervision of regular order judicial review and a transparent process, including a fast-track appeals process. Because of the risk of overreach and infringements on legitimate speech, this practice should be strictly limited.

Reduce

We have a duty to shield the public from fraudulent media. Large digital media platforms should maintain responsive channels to receive input from users, civil society organizations, news organizations and commercial partners. In this way, fraudulent media channels, inauthentic accounts, and malicious disinformation can be flagged for review and down-ranked in algorithmic curation before they can go viral.

Signal

We have the right to know who is trying to influence our political views and how they are doing it. The purveyors of disinformation amplify false narratives through the opaque channels of targeted digital advertising and the amplification of bot networks. New regulations should mandate that all automated accounts are clearly labelled. And we should require that the source of an ad, the funding behind it, and the scope of its reach are explicit to the end-user.

Audit

We have a right to public oversight of the social impact of technologies that automate decisions in information markets that influence daily life. The technologies that mine large data sets to make predictive judgements, target advertising and curate digital media feeds are increasingly sophisticated forms of artificial intelligence. These technologies have the potential for enormous social impact – positive and negative – and should be subject to government review, including assessments of training data, design bias and discriminatory outcomes. These audits should mirror in form and function the health and safety inspections of conventional industries.

Privacy

We have a right to data privacy. Mass collection of personal data feeds the algorithms that determine what kind of media content we will see and how often, facilitating the creation of filter bubbles that fracture our political cultures. Individuals have a right to control how data is used to shape their experiences. To counteract this phenomenon, we must tighten and enforce laws that give users more control over how data is collected, used, and monetized. In principle, the less data we provide, the less precisely we will be targeted, and the less likely we will be shunted by algorithms into media communities that reinforce false beliefs.

Compete

We have a duty to protect the public against the exploitation of concentrated market power. In the realm of digital media, this means we must seek to ensure that consumers have meaningful options to find, send and receive information over digital media. The rise of platform monopolies underscores the need to open markets to new competitors and products with policies such as data portability, restrictions on mergers, and access to essential services.

Secure

We have a duty to protect the integrity of our democracy from outside intervention. The recent attempts by foreign powers to use a combination of digital disinformation and cyber-attacks to influence electoral outcomes must be treated as a direct threat to democratic government. Political institutions – such as parties, campaigns and election administration – should be treated as critical infrastructure and afforded the same degree of cyber-security protection as the electrical grid and the water system.

Educate

We have a duty to educate the public about the social and political impact of new technologies. We are in the early stages of digital media’s rise to dominance of global information systems. The traditional standards and signals of source credibility have deteriorated along with the fragmentation of the market. As a society, we need to establish digital media literacy skills in our educational curricula. And we need to work with civil society groups and public service news organizations to generate broad public awareness about the problem of disinformation.

Inform

We have a duty to foster a robust public sphere and an informed electorate. The rise of disinformation as a disruptive phenomenon in democracy coincides with the declining commercial viability of public service journalism, even as the public’s need for it grows. We need public policies designed to reinvigorate journalism. These may include support for the modernization of public media channels or tax benefits for newsrooms that satisfy basic professional requirements.

What we process and why

Website

In accordance with our guiding principles, we have followed a privacy-by-design and default approach in the design and build of our Website. The personal data we collect from individuals who visit our Website is limited to what is required to gather basic statistical information about the use of the Website and to assist in diagnosing technical problems and defending against attacks.

We gather the Internet protocol (IP) address of the computer accessing the site, the browser software and operating system that the computer uses; and the Internet address (URL) of the outside website from which the visitor came. We collect this information by using cookies and process this data on the basis of either our legitimate interests in operating the website or your consent depending on the type of cookie deployed. More information about cookies and how we use them is provided in the Tracking & cookies (link) section below.

Mailing lists

We send out newsletters to keep our network informed of our work, including the campaigns we run. We collect your name, postcode and email address for this purpose. To sign up to our mailing list, we collect this information directly from you, on the basis of your consent. You can withdraw your consent at any time by unsubscribing to the mailing list through the link provided in our newsletters.

Campaigns

As part of our advocacy work, we run campaigns to engage and inform the public on the digital threats to democracy. As part of those campaigns we may set up campaign specific websites, deploy content to social media sites, organise petitions to be shared with key influencers or send out information packs.

We may collect your name, email address, postal code, age range, gender and postal address where required as part of running campaigns. In general, the legal basis for these activities will be your consent – for example, where you sign a petition or agree to be part of a campaign where we test content sharing settings on social media, we will collect the required information directly from you with your consent.

In some cases, we set up campaign and/or educational ‘microsites’ - websites dedicated to a particular campaign and/or issue. Generally, we use the WordPress platform to set up these sites, as it provides a simple and effective means of deploying a new website. Wordpress deploys cookies to measure unique views of a site, collecting visitors’ IP addresses to do so. Reset Australia does not have control over these cookies of how they are deployed.

Events

We organise events from time to time and use the Humanitix platform to manage ticketing. When you sign up for one of our events, we will direct you to Humanitix where, on the basis of your consent, we may collect your name, phone number, billing information and email address in order to issue you with a ticket. Humanitix is a third party and also collects some user data for its own purposes which are generally limited to technical information required to run the platform. We recommend you review the Humanitix privacy policy available here.

When you sign up to attend an event, we will send you emails providing information about that event. We use the MailChimp platform to manage these emails on the basis of our legitimate interest in efficiently and effectively managing the email process.

Fundraising and memberships

Reset Australia is funded through a variety (largely philanthropic) of sources, with various reporting requirements. In line with our mission, vision and values we accept funding, support and donations from certain organisations and members of the public on the basis of their consent. We retain the name, email and postal address of those organisations and members of the public to maintain records for tax and accounting purposes in line with our legal obligations to retain this information. Where you provide your consent, we may also retain your payment details in order to facilitate ongoing payments – for example if you become a Reset Australia member. Where we process your data on the basis of your consent, you may withdraw this at any time by contacting our Data Protection Focal Point at [email protected].

Social media advertising

To keep supporters up to date with our campaigns, events, and other relevant information we may occasionally use the data that they have provided to us to ‘retarget’ them using social advertising platforms.

This involves uploading encrypted/hashed to the third party platform in order to create the audience.

Data retention

In general, data will be retained for as long as is necessary to fulfil the purpose for which it was collected.

After 48 hours, we delete or anonymise all personal data collected through the website for technical purposes. Anonymisation is achieved through the aggregation of statistical data that prevents the re-identification of individual users.

On occasion, we may need to retain personal data for longer than 48 hours. This includes for the purposes of conducting tests, diagnosing technical problems and defending against attacks on our website. In these situations, we will delete personal data as soon as it is no longer required for the purpose for which it was collected.

Where data is collected on the basis of consent, we retain it until you withdraw your consent or otherwise when the data becomes no longer relevant for the purpose for which it was collected. Where data is retained in line with legal obligations on us it will be deleted at the end of the relevant period (seven years) for tax and accounting purposes.

Sensitive data

We do not directly collect any sensitive data through our website – for example, details of your religious beliefs or political opinions.

In some specific circumstances such as for:

  • Specific political campaigns/petitions
  • Other human interest stories

We may collect sensitive data such as political opinions (i.e. voting intention for upcoming elections) and ‘personal stories’ with identifying information.

In these instances, the use and storage of this information will be clearly stipulated, and informed consent collected from users with the option to opt-out at any point in time. We will also make efforts to make information unidentifiable as possible in consultation with respective users. Additionally, separate release forms would often be drawn up depending on the level of sensitivity of the information.

All internet usage generates additional “metadata” that is collected and retained by internet service providers. This data can be accessed by law enforcement and intelligence agencies, who may extrapolate upon it to build up detailed “pictures” of specific individuals and communities. Individuals concerned about this kind of surveillance are encouraged to take measures to protect their privacy, for example by using the Tor browser or a VPN.

Tracking & cookies

The Reset Australia website uses “cookies” and other technical measures to monitor and protect the website against malicious traffic and to collect limited analytical data in order to understand how users engage with the information we provide.

In accordance with our guiding principles, the Reset Australia website honours “Do Not Track” requests and has limited the cookies it deploys to the following:

  • Strictly necessary Cloudflare cookies to protect the Website against DDoS attacks
  • Matomo performance cookies to provide Reset Australia with analytical information about the use of the website, which is only deployed with visitors’ consent (see further below)
  • Strictly necessary Django cookies to facilitate user logins and protect the Website against attempts to inject malicious code into registration forms

For some specific projects or campaigns, we may use Facebook Pixel and/or Google Analytics to ensure appropriate monitoring and evaluation. As an organisation committed to digital rights, we are aware of the broader implications of using these services. As such they will only be used when critically essential for the project/campaign an for each potential instance of use, we commit to:

  • Undertaking a risk assessment of using these services for that particular project and/or campaign
  • Ensure that informed consent is collected
  • Design clear and accessible mechanisms and/or features so that anyone can opt out at any time

Opting in and out of cookies

If you accepted the Matomo cookies, these will have been deployed with your consent, which provides a legal basis for the processing of the analytical data they collect about your use of the Website. If you declined the cookies, they will not have been deployed.

The Cloudflare and Django cookies perform essential Website security functions and as such it is not possible to opt-out.

Browser settings can also be used to manage cookie preferences. Each browser is different, so check the Help or Settings menu of your particular browser to learn how to change your cookie preferences.

Information security

We take all reasonable steps to ensure that personal data is processed securely and treated in accordance with this Policy. The technical and organisational measures to prevent unauthorised access to personal data include limiting staff and sub-processor access to personal data in accordance with specific job responsibilities or contractual obligations, the encryption of data where possible, the institution of security protocols and staff training.

Although we do our best to protect personal data, information transmitted over the internet remains vulnerable to interception – for this reason, the transmission of any personal data to our websites or via email to us is therefore at the data subjects’ own risk.

Data sharing and subprocessors

We work with carefully selected third-party service providers who perform certain data processing tasks in order to maintain this Website. These third parties – MailChimp, Humanitix, Matomo, Heroku and Cloudflare - are engaged by Reset Australia on terms which ensure confidentiality and compliance with data protection laws.

International transfers of data

There will be no transfers of data internationally.

External websites

The Website includes links to external websites, which may process your data or use cookies - for example links to EventBrite or other external resources and social media platforms. You can find out more about these services and their use of cookies through their respective websites and privacy policies. Please remember we cannot control the way those external websites collect and retain your personal data, so you use those external services at your own risk.

Your rights

  • The right to be informed as to whether Reset Australia holds data about them;
  • The right of access to that information;
  • The right to have inaccurate data corrected;
  • The right to have their data deleted;
  • The right to opt-out of particular data processing operations;
  • The right to receive their data in a form that makes it “portable”;
  • The right to object to data processing;
  • The right to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate.

To make a subject access request or complaint related to the processing of your personal data contact [email protected] or write to:

Suite 403
418 A Elizabeth St
Surry Hills, NSW 2010

Changes and revisions

In the event of any changes or revisions made to this Policy, the date and nature of the change will be listed below.

Policy published 30 October 2020.