Privacy policy
Beyond Blue is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other relevant laws in relation to the management of personal information.
This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information and should be read together with our Terms of Use.
What is personal information?
When used in this Policy, "personal information" has the meaning given in the Privacy Act. Generally, it means any information or an opinion that could be used to identify you.
How do we collect personal information?
We may collect your personal information if you:
- use our Support Services, which are delivered by Remedy Healthcare, which is a subsidiary of Australian Unity Limited;
- seek access to our Be You services which are delivered by third party providers;
- seek access to our New Access coaching service which is delivered by third party providers;
- seek access to our Before Blue coaching service which is delivered by an internal Beyond Blue workforce;
- use our Beyond Blue online forums;
- contact us over the phone, in person, by email or webchat, or through social media;
- participate in public or closed surveys, questionnaires or conference events;
- register for face-to-face or digital events (such as webinars);
- interact with our websites, mobile applications and social network accounts (such as Facebook, Twitter, YouTube, Instagram or LinkedIn – the social network providers will also handle your personal information for their own purposes and have their own privacy policies);
- donate to Beyond Blue, participate in fundraising activities or partner with us;
- donate to another organisation and consent to receive information from like-minded organisations such as Beyond Blue; or
- apply for a position with us (either as an employee, as a volunteer or as a contractor).
This collection may be required to allow you to:
- receive mental health support from our services;
- be referred to other mental health services, and other support services;
- receive New Access or Before Blue coaching;
- register with Be You;
- make a donation;
- join our websites as a registered user;
- receive information from us including alerts via email or SMS communications;
- apply to hold a fundraising event;
- register to use forums;
- register as a Blue Voices member;
- register as a volunteer;
- register as a Beyond Blue Ambassador or Speaker;
- download or order resources;
- access services for your educational institution or organisation;
- participate in professional learning modules;
- subscribe to our publications;
- receive information about or become involved in our programs, campaigns or other initiatives;
- use our websites and mobile applications; or
- work with us as an employee, contractor or volunteer.
What personal information do we collect?
The personal information we request from you will depend on the purposes for which we are collecting it, but may include:
- your name, age and date of birth;
- your contact details including your address, telephone number and email address;
- your job title or role and department;
- your organisation, service or educational institution details;
- the amount you have donated;
- your preferences for receiving further information about our programs, events, campaigns or activities;
- demographic information such as your age group, gender and location; and
- information to verify your identity for security purposes.
If you are seeking support with your mental health or if you apply to register as a Blue Voices member or volunteer we may collect sensitive information about you, including health information such as your medical history.
If you order certain resources, or make a donation to us, you may also need to provide credit card details and other payment information which will allow us to process the transaction.
At or before the time we collect information, we will take reasonable steps to provide you with a Collection Statement. Collection Statements can be found on our website and are specific to certain services. They provide further detail about how your personal information is collected, used and disclosed.
The choice of how much information you provide to us is yours, but if you want to register as a member of, or have a user account on our websites, order printed or download digital resources, make a donation, or otherwise
participate in our professional learning modules, programs and events, we require certain information from you in order to provide those services.
Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website) or using a pseudonym if you feel more comfortable dealing with us that way. For example, if you contact us directly by telephone with a general question, we will not ask for your full name unless we need it to answer your question.
Wherever possible, we will try to collect personal information from you directly, rather than from another person or source, unless it is unreasonable or impractical to do so.
Collecting information from third parties
There may be occasions when we collect personal information about you from a third party, for example, from our Support Service provider, IT or telecommunications provider or our delivery partners. These third parties also have their own privacy policies.
For example, if you call our Support Service, we may collect call information and/or telecommunications data from our telecommunications provider and disclose it to our Support Service provider so they can effectively manage the service.
Sharing another person’s experience with us or the public
If you want to share a story that includes another person’s experience of anxiety, depression or suicide in which that person will be identifiable, you must seek permission from the individual or next of kin first and let them know about our Privacy Policy. Some people may not want their experience made public. It is important to consider the impact and respect the wishes of others affected by the same story as you.
How does Beyond Blue use your personal information?
We only use or disclose your personal information for the purposes for which you gave it to us, or for a secondary purpose if permitted by law, which includes:
- where you have consented to that purpose;
- where you would reasonably expect us to use or disclose your information for that purpose, and where that purpose related to the primary purpose of collection (or, in the case of sensitive information, directly related to the primary purpose);
- where required or authorised by or under an Australian law or a court/tribunal order; and
- where a permitted situation exists under the Privacy Act, such as lessening or preventing a serious threat to the life, health or safety of an individual, or to public health or safety, or locating a person reported as missing.
The purpose for which we will use or disclose your personal information will depend on the purposes for which we are collected it, but may include the following purposes:
- to provide you with services;
- to allow you to obtain access to the interactive elements of our mobile applications and websites (including the online forums, our campaign websites and all professional learning);
- to provide you with a more personalised experience on our mobile applications and websites;
- to help you reset or recover your password for our mobile applications and websites;
- to provide you with the information, resources or merchandise you have requested;
- to involve you in programs, campaigns, research, fundraising, activities or other initiatives undertaken by Beyond Blue;
- to process your donation or order;
- to show your name and the amount of any donation or sponsorship you may make on our website (unless you choose a private or anonymous donation);
- for the marketing and research purposes of Beyond Blue, its contractors or service providers;
- for internal administrative purposes;
- to respond to enquiries in relation to the Beyond Blue Support Services or educational programs, general website feedback or assistance, or media enquiries;
- to update our records and keep your contact details up to date;
- for research, advice and information, including for benchmarking purposes;
- to send you communications about our programs, events, campaigns or activities if you have agreed to receive our emails in accordance with your communication preferences (you will be provided with an opportunity in each email to decline to receive any further emails from us by unsubscribing – if you are a registered member of our websites, you can also edit your communication preferences via your member account);
- in the case of marketing automation, to improve the emails that are sent to you and to improve the personalisation, services, programs, content and resources that are offered to you;
- to understand how you interact with us by recording information about you in a Customer Relationship Management system (for example, that you are a volunteer and a donor if that is the case);
- to enable like-minded organisations to contact you with information that may be of interest to you (if you have consented to this);
- to assess any application from you to work with us; and
- if you lodge a complaint or query with us, to process and respond to your complaint or query.
If you access the interactive elements of our mobile applications and websites (including online forums and Be You professional learning), only your display name will be shown online. We recommend that you do not post information online that may identify you or anyone else such as your address, email address or phone number. If you do post personal information online, your personal information may be identified, recovered and displayed by internet search engines.
Regardless of where in the world you reside, Beyond Blue may process and store your personal information in Australia.
Disclosure of personal information
We may disclose your personal information to third parties who assist us to provide services or to whom we outsource services, for the purpose of providing services to you. For example, we may disclose your personal information to:
- ·our Support Service provider, Remedy Healthcare, which is a subsidiary of Australian Unity Limited;
- ·our delivery and fundraising partners;
- event organisers and venues;
- ·our administrative service providers (such as IT services providers, telecommunications providers, analytics service providers and payment processors);
- ·our marketing service providers (such as email automation providers and mailing houses);
- ·our professional advisors (such as accountants, auditors and lawyers) and insurers; and
- in the case of Be You professional learning, the funder of Be You, the Australian Government Department of Health.
We take every effort to not directly disclose personal information to recipients located overseas without your consent.
Some of our third-party service providers may store personal information overseas when providing support or other services. For example:
- traffic information is disclosed to Google when you visit our websites and mobile applications - Google stores information across multiple countries; and
- when you communicate with us through a social network service such as Facebook or Twitter - the social network provider and its partners may collect and hold your personal information overseas across multiple countries.
Security of your personal information
We take reasonable steps to ensure the security of all information we collect, including that the information is protected from misuse and loss and from unauthorised access, modification or disclosure. In addition, we take reasonable steps to destroy or de-identify your personal information once we no longer need it or have been directly instructed by you to permanently remove or supress your personal information.
Our security measures for storage of personal information include:
- Encryption is applied for data in transit and at rest.
- Access controls: Role based access controls are implemented to ensure least privileged access to assets and information.
- Multifactor authentication is applied to internal facing applications that are used by Beyond Blue staff.
- Geo-restriction: Beyond Blue maintains a policy that requires all personal and sensitive information be retained in Australia. Beyond Blue sign up and registration page is restricted to Australia.
- Secure offices: Secure swipe card access to our premises ensures Beyond Blue is adequately protected from deliberate or unauthorised physical access.
- Regular security audits: Cybersecurity, data and information management and privacy are regularly reviewed as part of Beyond Blue’s internal audit program.
- Penetration testing: Occurs annually across the Beyond Blue corporate network and web applications.
- Staff training: Mandatory best practice and awareness staff training occurs on cybersecurity and privacy annually.
However, no transmission or storage of data can ever be guaranteed to be fully secure.
In addition, we take reasonable steps to destroy or de-identify your personal information once we no longer need it or have been directly instructed by you to permanently remove or suppress your personal information.
Our websites and mobile applications
Cookies
In some cases, we may also collect your personal information through the use of “cookies”. When you access one of our websites, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer or internet enabled device. This allows us to recognise your computer or internet enabled device, and whether you have already registered and greet you each time you visit our websites. It also enables us to keep track of services you view so that, if you consent, we can send you news about those services.
We also use cookies to measure traffic and engagement patterns, to determine which areas of our website have been visited and to measure overall, aggregate transaction patterns.
We use this to research our website visitor’s habits and what they are looking for and accessing, so that we can continually improve our services, programs, content and resources.
We also collect your device’s last known IP address and, if you are a registered user, store it against your website profile.
If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
Analytics tools
Our websites and mobile applications use analytics tools that collect information about:
- how you interact with and use our websites and mobile applications (such as how long you visit, which pages you visit and where you visited from);
- the device you use to access our websites and mobile applications;
- whether you have a social media account and are logged into your account; and
- whether you open our marketing emails and/or QR codes and whether you follow those links.
These tools do not identify you, or associate your internet protocol (IP) address with any identifying information.
We use the information collected by these tools to help us understand:
- how you use our website and mobile applications and therefore improve the content and design of our websites and mobile applications and our other services;
- what advertising and marketing content is relevant and interesting to you and therefore deliver more personalised and relevant advertising on Beyond Blue and on third party websites;
- the effectiveness of our advertising and marketing campaigns.
These tools transmit the information they collect to the servers of the third party who provides the tool. By using our websites and mobile applications, you consent to Beyond Blue disclosing this information to those third parties, who may use information about you in the manner described in their privacy policies. You can opt out of these tools by using the opt-out mechanism provided by the relevant third party or by disabling cookies and JavaScript in your browser settings.
Information about the specific analytics tools used on our websites and mobile applications can be found here.
Accessing and correcting personal information
You may request access to your personal information collected by us and ask we correct that personal information. You can ask for access or correction by contacting us and we will usually respond within 30 days. If we refuse to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons.
Notifiable Data Breaches Scheme
In the event of any unauthorised access or unauthorised disclosure or loss of your personal information that is likely to result in serious harm to you, and where remedial action has not been able to prevent the likely risk of serious harm, we will investigate and notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.
Complaints about your privacy
If you believe your privacy has been breached or you have a complaint about how we have handled your personal information, please contact us in writing. We will respond within a reasonable period (usually within 30 days from lodgement).
If you are not satisfied with our response, then you may lodge a formal complaint with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au).
Changes to this Policy
This Policy may change from time to time. Any updated versions of this Policy will be posted on our websites and will be effective from the date of posting.
This Policy was last reviewed and updated on 20 September 2024.
Meanings
References to “Beyond Blue”, "we", "us" and "our" are references to Beyond Blue Limited ACN 093 865 840.
How to contact us
Post
Attention: The Privacy Officer, Beyond Blue
Suite 501, 278 Flinders Lane Melbourne, Victoria 3000