Privacy Policy

Privacy Policy

1. Overview
Mental Health First Aid International (MHFAI) is a national not-for-profit company limited by
guarantee. MHFAI develops and evaluates training programs and trains and accredits
Instructors.

We are committed to protecting the privacy of the personal information we collect and
receive. This Privacy Policy sets out how we manage your personal information, including
sensitive and health information. It describesthe types of information we collect and hold
and why we do so, how we keep the information secure, how to access and correct the
information, and how to make a privacy complaint.

A copy of this Privacy Policy is available on the Mental Health First Aid website
www.mhfa.com.au. A printed copy can be obtained free of charge by contacting our Privacy
Officer (details under section 12 below).

1.1. Scope
This policy applies to the handling of personal information by MHFAI and MHFAI employees,
contractors, volunteers and third parties acting for or on behalf of MHFAI who are made
aware of this policy.

1.2. Definitions
Health Information is personal information that is also information or an opinion about the
physical, mental or psychological health of an individual, a disability of an individual, and an
individual’s expressed wishes for the future provision of their healthcare, or a health service
provided to an individual.

Personal information means information or an opinion, whether true or not and whether
recorded in a material form or not, about a living individual who is either identified or
reasonably identifiable. Examples include an individual’s name, address, contact number and
email address.

Privacy Act means the Privacy Act 1988 (Cth)

Sensitive information is a subset of personal information and is defined in the Privacy Act as
information or an opinion (that is also personal information) about and individual’s racial or
ethnic origin, political opinions, membership of a political association, religious beliefs or
affiliations, philosophical beliefs, membership of a professional or trade association,
membership of a trade union, sexual preferences or practices, criminal record, health
information, genetic information and some types of biometric information.

For the purposes of this Privacy Policy, a reference to personal information should read as
including sensitive and health information, unless otherwise specified.

1.3. Our obligations
MHFAI is required to comply with the Australian Privacy Principles (APPs) and the Privacy
Act.
• Relevant Australian State and Territory privacy laws also apply to MHFAI (including the
Victorian Privacy and Data Protection Act 2014 and Health Records Act 2001), other
national or international data protection and privacy laws depending on how individuals
engage with MHFAI and the types of personal information we collect, use, disclose or
otherwise handle.

2. The kinds of personal information we collect and hold

2.1. General
MHFAI collects information from individuals to whom we provide, and who help us
provide, our services and programs. This includes:
• donors
• employees
• job applicants
• licenced instructors
• organisational clients and prospective clients
• participants in training courses
• participants in advocacy campaigns
• research study participants
• suppliers and service providers
• users of our website and social media pages
• users of our mobile Apps and web applications.
• volunteers.

The types of personal information we may collect will depend on who you are, how
you engage with us, and the purpose for which it is collected. We only collect
personal information that is reasonably necessary to perform our functions and
activities, provide our services and administer our relationship with you.

The kinds of personal information that we may collect when dealing with you
includes:
• name
• date of birth
• gender
• contact information including address, postcode, email, telephone number and
mobile number
• details regarding ethnicity e.g. country of birth, whether you are an Aboriginal or
Torres Strait Islander or language spoken at home
• your position in the organisation you represent
• Photographic images and sounds recordings
• payment or billing information (including bank account details, credit card
details, billing address and invoice details) for supply of our services
• current location, if you are using one of our mobile Apps and consent to this
collection
• communication preferences
• your username and password for accounts set up on our website including your
Social ID if you choose to use it.

We may also collect the following types of information from you if you are a:

a) Job applicant or employee
• your employment history, qualifications, resume and job references
• your fitness for work, including police checks and security information from
government agencies or departments (such as Working with Children checks),
health assessments and other personal information as part of your job
• application
• your banking details to process payments such as wages
• government related identifiers, such as your Tax File Number in compliance with
the law.

b) Participant in a training program
• your opinions via surveys and questionnaires
• educational enrolment information and study details relating to your
participation and assessment in the training program.

c) Research Participant
• your opinions via surveys and questionnaires
• lifestyle information and health information.

d) Instructor applicant or licenced instructor
• your employment history, qualifications, resume
• valid Working With Children Check.

3. The purposes for which we collect, use and disclose personal
information

MHFAI collects your personal information for the primary purpose of performing our
functions and activities related to our role as a purpose-driven provider of mental health
education.

MHFAI may also use and disclose personal information for other purposes explained at
the time of collection or where it is reasonably necessary and related to the primary
purpose of collection (except for sensitive information), where you have provided you
consent for that other purpose, or where we are required or authorised by or under law
(including, without limitation, privacy legislation).

We collect, use or disclose personal information for the following purposes:
a) to deliver education, training and events
• developing, promoting and conducting MHFAI events (whether digitally, online,
face-to-face or otherwise), including seminars and conferences (including
organising speakers, locations and catering, making travel arrangements where
required and keeping attendance records)
• developing, administering, supporting, assessing and issuing certification for
MHFAI’s training programs
• developing new MHFAI education and training resources and programs
• promoting MHFAI workplace and community events and development materials.

b) for research and quality improvement
• conducting surveys and research as a research partner, for product and program
improvement purposes, to compile statistics and analyse trends
• developing research grant applications and administering research grants

Personal information collected for research is not used for any other purpose , unless
your consent is obtained for that purpose.

Research studies may require ethics approval from an Australian Human
Research Ethics Committee and this may impose additional obligations in relation to the
collection, use, disclose and storage of personal information.

c) for recruitment and employment
• assessing applicants for employment, conducting interviews, referee and
background checks, identify verification
• managing queries from or about a prospective, current or past employee
• administering the employment relationship including payroll, access to systems,
workplace health and safety
• for insurance purposes.

d) to accredit instructors
• assessing applicant eligibility to be a licenced instructor
• administering our relationships with licenced instructors.

e) to conduct Direct Marketing and communications
• Communication with our stakeholders about our organisational objectives,
products, programs and services
• Promoting and providing information about MFHAI and mental health first aid
• sending marketing and promotional information by post, email, social media or
telephone (including SMS) to subscribers and users of our products and services.
You may opt out of receiving direct marketing communications from us at any time.
If you wish to stop receiving direct marketing communications from us, please tell
us by following the opt-out instructions on the communication we send you or
contact us (see section 11).

f) to fulfil organisational activities
• Volunteering and support: to enable individuals to assist us with volunteering,
advocacy and other activities when we seek the community’s assistance.
• Compliance with laws: managing our legal obligations and compliance with laws
• Complaint management: receiving, investigating and taking action on complaints
such as MFHAI’s handling of personal information, and complaints about our
products and services.
• Payments: processing payments and payroll.
• General administration: to support our day to day operations.
• Grant applications: developing funding applications and administering funding
applications.
• Business analysis: de-identifying and using aggregated information for business
analysis.

3.6 What if you don’t want to provide your personal information?
MHFAI’s provides individuals with the option of not identifying themselves, or using a
pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a
name or other descriptor that is different to an individual’s actual name.

For example, MHFAI’s to enable you to access our website and make general phone queries
without having to identify yourself and to enable you to respond to our surveys
anonymously.

In some cases, if you do not provide us with your personal information when requested, we
may not be able to respond to your request or provide you with the product or service that
you are seeking.

4. Sensitive information and government related identifiers
4.1. Sensitive Information
MHFAI will only collect sensitive information where it is reasonably necessary for one or
more of our functions or activities and you have provided consent or we are required or
authorised by or under law (including applicable privacy legislation) to do so.

Some examples of sensitive information we may collect includes:
• information about dietary requirements or mobility needs when we conduct
events such as conferences and seminars
• information about medical conditions in the context of employment, training
assessment, as part of a participant’s special consideration application or so that
we can implement special assessment arrangements
• identification as Aboriginal or Torres Strait Islander
• information in regard to criminal convictions in relation to MHFAI trainers or
suppliers.

4.2. Government related identifiers
MHFAI does not adopt government related identifiers of an individual (such as a Medicare
number or driver’s licence number) as our own identifier of individuals. We will not
otherwise use or disclose such a government related identifier unless this is permitted by
the Privacy Act (for example, where it is reasonably necessary to verify your identity, to
fulfil an obligation to a government agency or authority, or where the use or disclosure is
required or authorised by or under an Australian law or a court or tribunal order).

5. How we collect personal information

5.1. Collection directly from you
We collect personal information only by lawful and fair means. If it is reasonable and
practicable, we will collect personal information we require directly from you.

MHFAI collects personal information including:
• by email
• over the telephone (including recording of conversations to our customer service
team for quality and training purposes)
• through written correspondence (such as letters, faxes and emails)
• on hard copy forms (including event registration forms and surveys)
• in person (for example, at job interviews and in exams)
• at seminars and functions (for example, if you fill out an assessment form or
leave us your business card)
• when you register for our campaigns or training programs
• via our electronic forms and learning applications.

5.2. Indirect collection

On occasion, we collect information indirectly from third parties including:
• individuals or services providers that offer and facilitate our training programs
• education and training providers through which you are enrolling and
participating in our training programs
• for recruitment purposes, an external recruitment, or background screening
services provider or third parties with whom you have previously worked
• a government agency or regulator
• if you are a referee for a grant, or employment application we collect your details
from the application
• insurers in relation to professional indemnity insurance
• public sources, such as telephone directories, membership lists of business,
professional and trade associations, public websites, ASIC searches, bankruptcy
searches and searches of court registries.

5.3. Collection from our website and social networking
MHVAI’s public website (www.mhfa.com.au/) is hosted in Australia. We collect personal
information through our website such as when you make an online purchase or complete
and submit a web form, or if you participate in a live chat.

When you access our website (www.mhfa.com.au), we or our third-party service providers,
may use cookies and software (such as JavaScript or other similar technology). A cookie is a
small string of information that a website transfers to your browser for identification
purposes. Depending on the surrounding circumstances, the cookies used by MHFAI may or
may not identify individual users who log into the website. If they do reveal your identity,
they constitute personal information, and thus are the subject of the Privacy Act.

Use of cookies and software allows us to:
• Maintain the continuity of your browsing session (eg maintaining a shopping
cart)
• Remember your details and preferences when you return
• Use Google analytics to collection information such as demographics, visits to
our website, length of visit and pages viewed

Most internet browsers are set to accept cookies. If you prefer not to receive them, you can
adjust your internet browser to reject cookies, or to notify you when they are being used.

Rejecting cookies can, however, limit the functionality of our website (such as preventing
users from logging on and making purchases).

We use social networking services such as Facebook, YouTube, X, Instagram and LinkedIn to
communicate with the public about our organisation, our training programs and our work.
When engaging with us through our social networking you should also consider their privacy
policy.

5.4. Unsolicited information
Unsolicited personal information is personal information MHFAI receives that we have taken
no active steps to collect (such as an employment application sent to us by an individual on
their own initiative, rather than in response to a job advertisement).

We may keep records of unsolicited personal information if the Privacy Act permitsit (for
example, if the information is reasonably necessary for one or more of our functions or
activities). If not, MHFAI’s will destroy or de-identify the information as soon as practicable,
provided it is lawful and reasonable to do so.

6. Disclosure of personal information to third parties

6.1 General Disclosures
MHFAI does not sell your personal information. Where necessary, we will share your
personal information with third parties or service providers for the purposes set out above
(in section 3) including:
• financial institutions for payment processing
• universities and other educational service providers involved with or engaged by
MHFAI for training or research programs
• educational institutions or funding bodies where they subsidise the fees for
secondary or tertiary students
• externally hosted applications and software subscriptions
• a MHFAI participant or Instructor’s employer (including to confirm status and
provide training program results where the employer subsidises some or all of
the individual’s fees)
• members of MHFAI committees (such as advisory committees, member and
discussion groups formed to consider topics of interest to mental health first aid)
• bodies such as the Financial Ombudsman Service for the resolution of complaints
and disputes
• referees whose details are provided to us by job applicants
• third parties who have made complaints (including to advise them of the conduct
and outcome of the complaint)
• MHFAI’s contracted service providers, including:
o Information technology service providers
o publishers of our newsletters, handbooks, and course materials
o conference organisers
o marketing and communications agencies
o mailing houses,freight, and courier services
o printers and distributors of marketing material
o external business advisers (such as recruitment advisers, accountants,
auditors, insurers and lawyers); and
o transcript recording service providers, in relation to disciplinary
proceedings
• law enforcement and regulatory bodies as required by law to comply with our
legal obligations (such as Australian Securities and Investments Commission, The
Australian Tax Officer and the Australian Charities and Not-for-profits
Commission)
• as required or authorised by or under an Australian law or the order of an
Australian court or tribunal
• other professional bodies of which MHFAI is also a member in relation to
disciplinary proceedings.

Where we enter arrangements with service providers, our agreements will require those
parties to keep personal information confidential and secure and to treat it in accordance
with applicable laws and regulations.

In the case of these contracted service providers, the MHFAI may disclose personal
information to the service provider and the service provider may in turn provide us with
personal information collected from you in the course of providing the relevant products or
services.

Personal information may also be disclosed to third parties with the consent of the record
subject.

6.2 Disclosure for Research
We may disclose your personal and health information to researchers to conduct research
studies into mental health first aid. Typically, information provided for research projects is
de-identified unless consent is obtained. Disclosure of personal and health information for
research purposes will be subject to our legal obligations, as well as our strict internal
policies and codes of practice and the Australian Code for the Responsible Conduct of
Research.

7. How we store and secure personal information

7.1. General
MHFAI stores personal information in several ways, including on our cloud storage system,
on servers located in Australia and in physical records. We retain effective control over any
personal information held by us.

MHFAI’s will take reasonable steps to:
• make sure that the personal information that we collect, use and disclose is
accurate, up to date and complete and (in the case of use and disclosure)
relevant; and
• protect the personal information that we hold from both internal and external
threats by assessing the risk misuse, interference and loss and from
unauthorised access, modification or disclosure.
You can also help us keep your information up to date by letting us know about any changes
to your personal information, such as your email address or phone number (refer to section 12)

7.2. Retention
MHFAI will keep your personal information until it is no longer required for any purpose. or
as long as required by applicable law.

MHFAI takes reasonable steps to delete, de-identify or archive personal information in a
secure manner (for example, we use document destruction bins and secure archive facilities)
when we no longer need it (including to meet any obligations under law).

7.3. Security
The steps we take to secure the personal information we hold include ICT security (such as
encryption, firewalls, anti-virus software, login and password protection, information access
controls), secure office access, personnel security and training and workplace policies.

7.4. Payment security
The MHFAI processes assessment, membership and other payments using EFTPOS and
online technologies. MHFAI’s takes reasonable steps to ensure that all transactions
processed by MHFAI meet industry security standardsto ensure payment details are
protected.

7.5. Website security
While MHFAI strivesto protect the personal information and privacy of website users, we
cannot guarantee the security of any information that you disclose online: you disclose that
information at your own risk. If you are concerned about sending your information over the
internet, you can contact MHFAI by phone or post.

You can also help to protect your personal information by keeping passwords secret and by
ensuring that you log out of the website when you have finished using it. In addition, if you
become aware of any security breach, please let us know as soon as possible.

7.6. Third party websites
Links to third party websites that are not operated or controlled by the MHFAI are provided
for your convenience. MHFAI is not responsible for the privacy or security practices of those
websites, which are not covered by this Privacy Policy. We encourage you to read the privacy
policy of any third-party website you navigate to before supplying any personal information
to them.

8. Cross border disclosure of personal information
We may disclose personal information to individuals and organisations who are located
outside Australia. They may be in locations where they are subject to laws in that location or
to a binding scheme or contract with us which requires them to protect the information we
disclose in a substantially similar way to our privacy obligations in Australia. Otherwise, we
may disclose or transfer personal information in compliance with the other provisions of
APP8 (Cross-border disclosure of personal Information) and other applicable privacy laws.

Parties that we may transfer/disclose information outside Australia include; the third parties
noted above in section 6 , partners in our education and training programs and other
affiliate Mental Health First Aid organisations.

9. Access and correction of your personal information
Individuals have a right to request access to the personal information MHFAI holds about
them and to request its correction at any time.

You can ask for access or correction by contacting MHFAI by:
• Telephoning us on +61 3 9079 0200
• Writing us a letter or email, or
• Contacting the Privacy Officer (see section 11).

MHFAI will respond to your request within 30 days.

MHFAI will ask you to verify your identity before we give you access to your information or
correct it. We may provide access in the manner that you have requested provided it is
reasonable and practicable for us to do so. If we refuse your request, we will tell you about
the reasons in writing and the available complaint mechanisms.

If the purpose of your request is other than to correct what you believe to be an error in the
information we hold about you, MHFAI may levy a reasonable administration fee for giving
access to the requested personal information.

In addition, if we refuse to correct personal information in the manner you have requested,
you may ask us to associate with the information a statement that the
information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take
reasonable steps to associate the statement in such a way that will make it apparent to users
of the information.

Depending on your location of residence, other rights may be available to you. Please
contact our Privacy Officer if you would like to exercise any rights under privacy laws that are
relevant to you.

10. Complaints
If you have a complaint about how MHFAI has handled your personal information, please
contact our Privacy Officer (details under section 11 below).

Our Privacy Officer will deal with your complaint with care and take any steps necessary
to investigate and resolve the matter in a timely manner. This may include, for example,
gathering the facts, locating and reviewing relevant documents and speaking to relevant
individuals.

In most cases, we expect that complaints will be investigated and a response provided within
30 days. If the matter is more complex and our investigation may take longer, we will write
and let you know, including letting you know when we expect to provide our response.

Our response will set out:
• whether in the Privacy Officer’s view there has been a breach of this Privacy
Policy or any applicable privacy legislation; and
• what action, if any, MHFAI will take to rectify the situation.

If you are unhappy with our response, you can refer your complaint to the Office of the
Australian Information Commissioner (OAIC). The OAIC can be contacted on 1300 363 992. For
more information visit www.oaic.gov.au.

11. Contact us
Please contact the MHFAI if you have any queries about the personal information that we
hold about you or the way we handle that personal information. Our contact detailsfor
privacy queries and complaints are set out below.

PrivacyOfficer
Mental Health First Aid International
Level 18, 150 Lonsdale Street
Melbourne VIC 3000
Australia
E: privacy@mhfa.com.au
P: + 61 3 9079 0200

12. Changes to this Policy
We may amend this Privacy Policy from time to time. The current version will be posted on
our website and a copy may be obtained free of charge from our Privacy Officer.