Advance Generations Limited

ABN 67 686 128 478

Privacy Policy

Introduction

This Privacy Policy (the “Policy”) outlines how Advance Generations Limited (ABN 67 686 128 478), “Advance Generations”, “we”, “our”, “us”, manages personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This document provides guidance on our practices, responsibilities, and governance measures to protect personal information of donors, bequestors, stakeholders, and staff.

Scope and Application

This Policy applies to all personal information we collect, hold, use, or disclose in connection with our activities, which occur primarily within Australia.  Some data may be stored or processed overseas, notably in the United States.

Legal Framework and Principles

We adhere to the 13 APPs outlined in the Privacy Act 1988, which govern standards relating to collection, use, disclosure, storage, and destruction of personal information.

Roles and Responsibilities

Advance Generations assigns clear roles to ensure privacy compliance across the organisation. The Company Secretary acts as the Privacy Officer and is responsible for managing privacy governance, handling and coordinating all privacy requests, overseeing training, and conducting regular audits to assess compliance. 

All staff and contractors must follow this Policy, participate in required privacy training, and support ongoing privacy initiatives to protect individuals’ personal information. The organisation’s leadership is accountable for enforcing privacy obligations and ensuring that privacy considerations are embedded in decision-making, systems design, and day-to-day operations. Any changes to privacy practices or emergence of new regulatory requirements will be communicated to staff and implemented through updated procedures and training.

Collection of Personal Information

We collect personal information only where it is necessary to achieve our objectives and to fulfill governance, fundraising, and administration functions. The types of information collected include contact details (such as name, address, email, and telephone number) and financial information (such as bank details and records relevant to donations and bequests). 

Personal information is collected through online forms, emails, referrals, and direct personal contact. The collection is conducted with the individual’s consent, or as otherwise permitted or required by law, and notices are provided at or before collection to ensure transparency about the purposes for which the information will be used. Advance Generations limits collection to information that is reasonably necessary for its activities and relies on data quality measures to maintain accuracy and currency. The information collected is used to facilitate bequests and donations, manage donor records, communicate with donors and beneficiaries, and support governance and reporting. If information is collected from third parties, Advance Generations ensures it is done with appropriate consent or a legitimate basis and that any third party adhere to this Policy.

Use and Disclosure

Advance Generations uses personal information solely for the purposes for which it was collected, unless disclosure is authorised or required by law. When it becomes necessary to disclose information to third parties, such as service providers, contractors, or partners, the disclosure is limited to what is reasonably necessary to perform the contracted services. Each disclosure is governed by binding arrangements that require the recipient to protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Overseas Transfers and Safeguards

Personal information collected by Advance Generations may be stored or processed by overseas service providers. When data is transferred outside Australia, Advance Generations ensures appropriate safeguards are in place, such as contractual protections and, where applicable, information about cross-border disclosure provided to individuals. The use of overseas facilities is restricted to purposes that support Advance Generations’ operations and obligations, with ongoing monitoring to maintain alignment with APP 8 (see Appendix A) requirements.

Data Security

Advance Generations employs a combination of technical and administrative safeguards to protect personal information. These safeguards include encryption in transit and at rest where feasible, robust access controls, and multi-factor authentication. An ongoing program of system hardening, patch management, and security training supports the protection of data. An incident response plan guides the timely detection, containment, and remediation of any security incidents.

Data Integrity and Quality

Advance Generations takes reasonable steps to ensure personal information is accurate, complete, and up to date for the purposes for which it is used. Individuals are encouraged to notify the Privacy Officer of any changes to their information, and Advance Generations has processes to verify and correct information as needed.

Data Retention and Disposal

Personal information is retained for as long as necessary to fulfil the purposes of collection, to meet legal and regulatory obligations, or to support governance needs. Appendix B provides the detailed retention schedule for each data category, including disposal methods. When information is no longer required, it is disposed of securely or de-identified in a manner consistent with applicable standards.

Access, Correction, and Deletion

Individuals may request access to their personal information by contacting the Privacy Officer. They may also request correction of any information that is inaccurate or incomplete, or request deletion, where permitted by law and this policy. Advance Generations will respond within a reasonable timeframe and in accordance with the APPs.

Direct Marketing

If Advance Generations engages in direct marketing activities, these activities will comply with APP 7 (See Appendix A). Individuals will be provided with clear and accessible opt-out mechanisms, and marketing communications will only be sent where consent or another lawful basis applies.

Automated Decision-Making and Profiling

Advance Generations does not use automated decision-making or profiling that would have a material impact on individuals. If such activities are introduced in the future, the Policy will be updated to ensure appropriate transparency, safeguards, and rights of individuals are provided in accordance with the APPs.

Data Breach Response

In the event of a data breach, Advance Generations will respond promptly in accordance with its incident response plan. If a breach is likely to result in serious harm, affected individuals and the OAIC will be notified in accordance with the Notifiable Data Breaches regime. The notification will include details of the breach, the categories of information affected, potential harm, and steps taken to contain and remediate the breach, along with contact information for further assistance.

Governance, Training, and Review

Privacy governance is overseen by the Privacy Officer, who is responsible for privacy compliance, staff training, and ongoing monitoring. Regular privacy training is conducted for staff and contractors, and privacy risks are assessed through periodic audits. This Policy will be reviewed annually and updated as needed to reflect regulatory changes or organizational developments.

Amendments and Version Control

Any amendments to this Policy will be documented with version numbers, dates, and a brief description of changes. Approved updates will be communicated to relevant stakeholders, and the updated version will replace prior versions on Advance Generations’ privacy page and in governance repositories.

Complaints or Concerns

If there are any privacy-related concerns, or people wish to lodge a complaint or provide feedback about how their personal information has been collected, stored, used, or disclosed, they may contact the Privacy Officer in writing at [email protected].

Acknowledgement of a complaint or feedback will be sent within five business days, and a substantive response will be provided within up to 30 days, or longer if the matter is complex. If they are not satisfied with the outcome, they may escalate the complaint to the Office of the Australian Information Commissioner (OAIC) using the OAIC complaint process.

(Version 1.0 – 18 November 2025)