Government related identifiers we may collect

We may collect the following government related identifiers about you for the following reasons:

Government related identifer	Why we collect it
Driver's license or passport details	To verify who you are
Working with Children Check number	To verify your suitability to work or volunteer with us
Tax File Number (TFN)	For payroll tax purposes

 

However, we do not adopt government related identifiers as our own identifiers or use them for any reason other than those indicated above.

Unique identifiers assigned by us

• We will not assign unique identifiers unless they are needed for us to efficiently manage your information.
• We may assign our own unique identifier to your information for the following purposes:
• to effectively manage records about you by streamlining storage, retrieval, and management of individual records across systems;
• to ensure you are correctly identified, especially in large datasets or systems where names alone may be ambiguous;
• to securely manage access to sensitive or personal information;
• to assist in system integration across multiple systems or services, without relying on personal identifiers like names or addresses;
• to help us comply with regulatory or operational requirements; and
• to minimise our use of and reliance on personal information.

How and when do you collect my information?

Collecting information from you directly

Wherever possible, we will try to collect personal information from you directly when you engage with us or use our services.

Table A – Collecting your information

When we collect We may collect personal information if you:	Enabling you We collection this information so we can:	Enabling us We collect this information so we can:
Support services
use our support services: phone support* live webchat* online forums use our coaching services: Be You* New Access* NASBO Before Blue  * Provided by third parties	receive mental health support be referred to other mental health and support services register to use online forums register and receive our coaching services	provide support and /or coaching services to you provide information, resources or merchandise you have requested provide de-identified, aggregated reports about the performance of the service you are using conduct research and benchmarking to improve our services update our records and keep your details up to date
Training and events
request or attend training	participate in training or professional learning	provide you with training and educational resources
Face to face and digital interactions
contact us over the phone, in person, email, webchat or social media participate in surveys, consultations, questionnaires or conference events register for in-person or digital events (such as webinars) interact with our websites, mobile applications and social network accounts	make a general enquiry, request or complaint use our websites and mobile applications or join as a registered user subscribe to our publications or receive information from us receive information about or become involved in our programs, campaigns or other initiatives	respond to your enquiry, request or complaint provide access to interactive elements of our mobile applications and websites send you communications about programs, events, campaigns or activities personalise services, programs, content, resources and advertising help you recover your password  collect statistics about how our website is accessed monitor the effectiveness of marketing campaigns
Donations and fundraising
gift, grant or bequest a donation to us participate in fundraising activities or partner with us donate to another organisation and consent to receive information from like-minded organisations	make a gift, grant or bequest a donation  apply to hold a fundraising event	process your donation, gift, grant, or bequest show your name and the amount of any donation or sponsorship you make on our website  enable like-minded organisations to contact you  involve you in programs, campaigns, research, fundraising, activities or other initiatives  understand how you interact with us
Employment and volunteering
apply for a position to work with us or volunteer with us	work with us as an employee, contractor or volunteer register as an Ambassador or Blue Voices Speaker	assess and contact you about your application set up or “on-board” you to our systems

Collecting information from third parties

There may be occasions when we collect personal information about you from a third party, such as our Support Service provider, IT or telecommunications provider or our delivery partners. These third parties also have their own privacy policies.

For example: if you call our Support Service, we may collect call data from our telecommunications provider and disclose it to our Support Service provider so they can effectively manage the service.

Donor information and targeted fundraising

We use donor and fundraiser data to inform fundraising activities and support the effective use of our fundraising resources. We may use donor and fundraiser information to better understand our supporter base and improve the effectiveness of our fundraising efforts. This includes analysing donation history, engagement patterns, and demographic data to identify trends and preferences.

To support this, we may use secure third-party platforms (such as Dataro) that apply data modelling and predictive analytics to help us identify donors who may be more likely to support specific campaigns. These platforms operate under strict privacy and data protection standards, and we ensure that any personal information shared is handled in accordance with the Australian Privacy Principles (APPs).

We do not use donor information to make decisions that would unfairly disadvantage individuals, and we do not sell or trade donor information. You can opt out of targeted fundraising communications at any time by contacting us at fundraising@beyondblue.org.au.

Sharing another person’s experience with us or the public

If you want to share a story that includes another person’s experience of anxiety, depression or suicide in which that person will be identifiable, you must first seek permission from the individual. If the individual is a minor, has died, or is otherwise unable to provide consent, you should seek permission from a legal guardian or appropriate legal representative, and let them know about our Privacy Policy. Some people may not want their experience made public. It is important to consider the impact and respect the wishes of others affected by the story.

What is my information used for?

We will use or disclose your personal information for the primary purpose for which we collected it. We may also use or disclose your personal information for secondary purposes which are permitted by the Privacy Act, as follows:

• where you would reasonably expect us to use or disclose your information for that secondary purpose, and that secondary purpose is related to the primary purpose of collection (or, in the case of sensitive information, directly related to the primary purpose);
• where you have consented to that secondary purpose;
• where that secondary purpose is required or authorised by or under an Australian law or a court/tribunal order; or
• where a permitted situation exists under the Privacy Act, such as lessening or preventing a serious threat to the life, health or safety of an individual, or to public health or safety, or locating a person reported as missing.

The primary purpose for which we collect your information in various situations, and the most common secondary purposes for which we also use and disclose that information, are set out in Table A above. They may also be described in the collection statement we provide to you at or before the time we collect your personal information.

Who else might see my information?

We may disclose your personal information to third parties who assist us to provide services or to whom we outsource services, for the purpose of providing those services to you. These may include:

 

Trusted Delivery Partners	Operational Partners	Personal Advisors
our Support Service provider, Remedy Healthcare, which is a subsidiary of Australian Unity Limited delivery and fundraising partners event organisers and venues in the case of Be You professional learning, the funder of Be You, the Australian Government Department of Health, Disability and Ageing	administrative service providers, such as: IT services  telecommunications  analytics services payment processors marketing service providers, such as: email automation  mailing houses	professional advisors, such as: accountants auditors  lawyers insurers

Cross-border disclosure of personal information

We make every effort to not directly disclose personal information to recipients located overseas.

Some of our third-party service providers may store personal information overseas when providing support or other services. For example:

• traffic information is disclosed to Google when you visit our websites and mobile applications - Google stores information across multiple countries; and
• when you communicate with us through a social network service such as Facebook, Instagram or X (formerly Twitter) - the social network provider and its partners may collect and hold your personal information overseas across multiple countries.

Security of your personal information

We take reasonable steps to ensure the security of all information we collect, including that the information is protected from misuse and loss and from unauthorised access, modification or disclosure. 

Our security measures for storage of personal information include:

• Encryption is applied for data in transit and at rest.
• Role-based access controls are implemented to ensure least-privileged access to assets and information.
• Multifactor authentication is applied to internal-facing applications that are used by Beyond Blue staff.
• Geo-restriction: Access to Beyond Blue’s sign up and registration page is restricted to Australia.
• Secure offices: Secure swipe card access to our premises ensures Beyond Blue is adequately protected from deliberate or unauthorised physical access.
• Regular security audits: Cybersecurity, data and information management and privacy are regularly reviewed as part of Beyond Blue’s internal audit program.
• Penetration testing: Occurs annually across the Beyond Blue corporate network and web applications.
• Staff training: Mandatory best practice and awareness staff training occurs on cybersecurity and privacy annually.

However, no transmission or storage of data can ever be guaranteed to be fully secure.

In addition, we take reasonable steps to destroy or de-identify your personal information once we no longer need it. 

Our websites and mobile applications

Websites

Like most websites, we use cookies and analytics to understand how people use our sites and to improve your experience. In most cases, you can choose to opt-out by adjusting your browser, application or device settings.

Mobile Applications

Beyond Blue’s mobile applications may include features such as mood-tracking, check-ins, and other in-app behavioural tools. Any data entered or generated through these features is stored locally on the user’s device and is not collected, transmitted, or stored by Beyond Blue. This ensures that your personal reflections and activity remain private and under your control.

Cookies

In some cases, we may also collect your personal information using “cookies”. When you access one of our websites, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer or internet enabled device. 

This allows us to: 

• recognise your computer or device and whether you have already registered;
• personally greet you each time you visit our websites;
• keep track of services you view so that, if you consent, we can send you news about them;
• measure website traffic and user engagement patterns; and
• research those patterns so we can continually improve our services.

We also collect your device’s last known Internet Protocol (IP) address and, if you are a registered user, store it against your website profile.

If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

Analytics tools

Our websites and mobile applications use analytics tools that collect information about:

• how you interact with and use our websites and mobile applications (such as how long you visit, which pages you visit and where you visited from); 
• the device you use to access our websites and mobile applications; 
• whether you have a social media account and are logged into your account; and
• whether you open our marketing emails and/or QR codes and whether you follow those links.

These tools do not identify you or associate your IP address with any identifying information.

We use the information collected by these tools to help us understand:

• how you use our website and mobile applications and therefore improve the content and design of our websites and mobile applications and our other services;
• what advertising and marketing content is relevant and interesting to you and therefore deliver more personalised and relevant advertising on Beyond Blue and on third party websites; and
• the effectiveness of our advertising and marketing campaigns.

These tools transmit the information they collect to the servers of the third party who provides the tool. By using our websites and mobile applications, you consent to Beyond Blue disclosing this information to those third parties, who may use information about you in the manner described in their privacy policies. You can opt out of these tools by using the opt-out mechanism provided by the relevant third party or by disabling cookies and JavaScript in your browser settings.

Our websites and mobile applications use analytics tools such as:

Analytics tools	Description
Google Analytics	Google Analytics is a product provided by Google to help us understand traffic and usage to help improve our services, programs, content and resources. Our websites and mobile applications also use the following Google Analytics Advertising Features: Remarketing, Retargeting and Impression Reporting; Demographics and Interest Reporting; and Government Reporting. Google Analytics does not identify individual users or associate your device’s IP address with any other data held by Google.
Marketing tools	Our websites use marketing tools (including Meta, Google and LinkedIn Pixel), which track your actions on our websites and collect information about your device and actions, whether you have a Meta, Google and/or LinkedIn account or are logged into your account. We use these tools to: deliver personalised and relevant advertising to you, on Beyond Blue, and on third party websites; collect statistics about how our website is accessed; monitor the effectiveness of marketing campaigns; and measure conversions.
Siteimprove analytics	We use Siteimprove to identify audience habits and behaviours so that content and user experience-related issues can be resolved, enhancing the overall website experience for users.
Marketing automation	Our websites use marketing automation tools that send communications (such as email or SMS) using several different services.  Each service uses tracking technologies primarily to understand what subjects are interesting to you by monitoring whether your emails are opened, and links are followed. This information is then used to deliver more personalised and relevant communications to you.
Registered users IP address stored on website profile	We also collect your device’s last known IP address and, if you are a registered user, store it against your website profile.

 

Your choices and controls

Remaining anonymous

The choice of how much information you provide to us is yours, however, the law requires us to collect certain information from you to provide some of our services.

Where possible, you can interact with us anonymously. For example:

• when you visit our website;
• you can use a pseudonym (fake name) when interacting with us; and
• you can contact us directly by telephone with a general question and we will not ask for your full name unless we need it to answer your question.

Some services will require us to confirm who you are to ensure your safety, public safety and prevent fraudulent or criminal activity. For example:

• if you wish to donate to us, your real name and other identifying information will be required so we can process your payment; and
• if you want to register for an event or volunteer with us, your real name and other identifying information will be required so we can keep you and other participants safe.

Opting out of communications

You can unsubscribe from our communications and marketing material at any time. 

For email communications, you can click the unsubscribe link provided in our email. If you have subscribed to multiple mailing lists, you may need to unsubscribe more than once to ensure your details are removed from all mailing lists.

For postal or telephone communications, you can write to us or email us and request your details be removed from those lists.

Adjusting cookie settings

If you do not wish to receive cookies or want to opt-out of Google Analytics, you can change your browser settings to disable or refuse cookies and JavaScript or use the opt-out service provided by Google. Refer to the “Help” section of your browser if you are unsure of how to do this.

Accessing and correcting your information

You may request access to personal information we hold about you, and ask us to correct that personal information if it is wrong. You can ask for access or correction by contacting us and we will usually respond within 30 days. If we refuse to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons.

Deleting your information

You may request we delete or de-identify your personal information held in our records, systems, or databases. We will do so provided it is practical and lawful to do so.

Some information must be kept for a period before it can be permanently destroyed. For example, if you’ve engaged with any of our support services, we are required to retain your records for at least seven years from the date of your last engagement.  

Notifiable Data Breaches Scheme

In the event of any unauthorised access or unauthorised disclosure or loss of your personal information that is likely to result in serious harm to you, and where remedial action has not been able to prevent the likely risk of serious harm, we will investigate and notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.

Complaints about your privacy

If you believe your privacy has been breached or have a complaint about how we have handled your personal information, please contact us.

How to make a complaint

You can make a complaint by:

• speaking to a Beyond Blue employee;
• telephoning (03) 9810 6100;
• completing the online form at www.beyondblue.org.au/about/contact-us/complaints; 
• writing to GPO Box 1883 Melbourne, VIC 3001; or
• emailing the Privacy Officer at privacy@beyondblue.org.au 

What we do when we receive a complaint 

We take your complaints very seriously. All complaints are treated the same and follow the same process in line with our complaints procedure. 

Complaint management is important so that we can address the specific needs of service users and their supporters, using deidentified information to improve services for everyone.

What you can expect after the complaint is investigated 

If you have provided details to be contacted, you can expect an acknowledgement of receipt within 24 to 72 hours. Following this, the complaint is investigated, and you will be notified of an outcome on completion of the investigation, if you have requested to be contacted.

Where to go if you are not happy with how we have handled your complaint 

If you are unhappy with how Beyond Blue has handled your complaint or the outcome, you have the right to complain to the Office of the Australian Information Commissioner (www.oaic.gov.au).

Changes to this Policy

This Policy may change from time to time.

Any updated versions of this Policy will be posted on our websites and will be effective from the date of posting.

This Policy was last reviewed and updated on 5 March 2026.

Meanings

References to “Beyond Blue”, "we", "us" and "our" are references to Beyond Blue Limited ACN 093 865 840.

How to contact us

Email
privacy@beyondblue.org.au

Post
Attention: The Privacy Officer, Beyond Blue
Suite 501, 278 Flinders Lane
Melbourne, Victoria 3000