Future Friendly’s general approach
Future Friendly will keep your Personal Information confidential and not sell or knowingly divulge User information to any external third parties, unless:
The disclosure is made in accordance with an agreement on foot with you, or to which you otherwise consented;
We believe, in good faith, that we are required to share the Personal Information with a third party in order to comply with legitimate legal obligations;
The disclosure is to a third-party processor of Personal Information that acts on our behalf and/or under our instruction in order to enable us to develop and deliver the FF Services (e.g. a cloud service provider or local marketing and development partner);
Other entities acquire ownership or operation of Future Friendly or the FF Services; and/or
We need to protect the safety of Users, and the security of the FF Services.
Users can always refuse or revoke this consent, but sometimes this will affect Future Friendly’s ability to provide them with the FF Services and other offerings. Future Friendly will advise Users if this is the case.
De-identified information refers to information that cannot reasonably be used to identify a particular individual.
De-identified information that will never be able to personally identify particular individuals is referred to as anonymised information (e.g. statistics that show 90% of Users were happy with the FF Services). Additionally, de-identified information that can identify individuals only if it is combined with another, separate piece of information is referred to as pseudonymised information (e.g. ID numbers).
Where possible Future Friendly will aim to collect, store and use anonymised information as a first preference, and if not, then pseudonymised information.
However, sometimes it will be impractical for User information to be de-identified or treated in this way, and in this case, Future Friendly will continue to use and hold the information in a personally identifiable state. For example, if Future Friendly needs to reply to a User enquiry we will have to use the contact information provided.
Future Friendly is committed to information security. We will use all reasonable endeavours to keep the Personal Information that we collect, hold and use in a secure environment. All information collected will be classified based on its sensitivity. Security controls and storage of the information will be dependent on the classification.
To this end we have implemented technical, organisational and physical security measures that are designed to protect Personal Information, and to respond appropriately if it is ever breached. For example, all Personal Information stored digitally is encrypted and all Personal Information stored in hard copy is stored in a closed locker with a padlock. Future Friendly has also developed an extensive Data Breach Response Plan which we use to prepare and respond to data breaches.
When information collected or used by Future Friendly is stored on third party service providers (e.g. AWS cloud servers), Future Friendly takes reasonable steps to ensure these third parties use industry standard security measures that meet the level of information security Future Friendly owes Users.
As part of our privacy framework we endeavour to routinely review these security procedures and consider the appropriateness of new technologies and methods.
With our advisors, we also train our staff in how to keep your information safe and secure.
In the circumstances where Future Friendly suffers a data breach that contains Personal Information, we will execute our Data Breach Response Plan and endeavour to take all necessary steps to comply with the Notifiable Data Breach Scheme outlined under the Act.
This means we will immediately make an objective assessment of whether a breach of Personal Information is likely to result in serious harm to individuals, and if this is the case, endeavour to notify the affected individual(s) and the Australian Information Commissioner.