Privacy Policy




In the event of a finding of a Breach of Privacy committed by staff, volunteers or Board Directors, Warringu is obliged to inform their funding body, as well as any other relevant authority as soon as possible after the event, and no later than within one week of the occurrence.


This privacy policy describes how Warringu Aboriginal and Torres Strait Islander Corporation “(Warringu”, “us”, “we” and “our”) collect, hold, use and disclose personal information, including in connection with the website and services available at (the website). The website is operated by Warringu Aboriginal and Torres Strait Islander Corporation.

Your privacy is important to us. We are committed to providing you with the information you need to make informed choices about the ways you use the website and our services, make donations or otherwise engage with us.

This Privacy Policy describes how we manage the personal information we collect, hold, use and disclose from time to time.

“Personal Information” means information about an identified or identifiable individual. Examples of personal information include your name, your mobile number, your email address and your photograph.

The types of personal information that we collect and hold about you will depend on the nature of your engagement with us. We will only collect your personal information where it is reasonably necessary for us to pursue one or more of our functions or activities, or where we are required to collect the information by law.

When you use our website or our services or otherwise engage with us, we may collect details such as your:

  • Name
  • Physical Address
  • Email Address
  • Date of birth
  • Telephone/Mobile number
  • Organisation you work for
  • Service request/information

Website Comments

When visitors leave comments on the website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help span detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GSP) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “remember me” your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires in one day.

Embedded content from other websites

Articles on this site may include embedded content (eg: videos, images, articles etc). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

Warringu realizes the importance of ensuring that personal information held by the corporation is treated confidentially and is committed to ensuring that all personal information is only collected, disclosed, used and stored in accordance with the Privacy Act 1988 (Cwlth).

Collection of Personal Information

Warringu may collect and use your personal information if you:

  • Deal with us over the phone, via email or in person
  • Register for our services
  • Donate to Warringu
  • Apply for a position with us either as an employee, volunteer or contractor.

Warringu will not collect or monitor any personal information about an individual without their consent. The only personal information collected is what has been provided voluntarily.

Use and disclosure of personal information

Any personal information that we collect will only be used and disclosed for the purpose for which it has been provided to us. Personal information may need to be disclosed to external service providers engaged by Warringu in order for those service providers to fulfill their service obligations to the firm. For example: IT service providers who assist in managing Warringu’s servers and networks may need to access client data in order to maintain the servers and networks; where personal information is disclosed to an external party, Warringu will take steps to ensure that the external party treats such information confidentially and in accordance with the Privacy Act 1988 (Cwlth).

Personal Information Security

Warringu is committed to keeping secure the data you provide to us and we take reasonable steps, including reasonable administrative, physical and technological measures to protect the confidentiality and security of your personal information. Your personal information is maintained in a secure environment, which can only be accessed by authorised personnel.

Unfortunately, no website, server or database is 100% secure. Therefore, we cannot guarantee its absolute security.


Warringu will comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017 and will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm to any people involved.

The Australian Information Commissioner must also be notified of eligible data breaches at by completing the Office of Australian Information Commissioner (OAIC) Notifiable Data Breach Form.

In so far as this policy imposes any obligations on Warringu, those obligations are not contractual and do not give rise to any contractual rights. To the extent that this policy describes benefits and entitlements for employees, they are discretionary in nature and are also not intended to be contractual. The terms and conditions of employment that are intended to be contractual are set out in your written employment contract.

Warringu may unilaterally introduce, vary, remove or replace this policy at any time.

Human Services Quality Standards – Standard 1 Indicator 1.7 ‘The organisation has effective information management systems that maintain appropriate controls of privacy and confidentiality for stakeholders.’ ’


From time to time it may be necessary for us to revise our privacy policy. We reserve the right to change our privacy policy at any time without prior notice. We will notify you of the changes by posting an updated version of the policy on our website.