Policies

Training and events

Payment

• The Stephanie Alexander Kitchen Garden Foundation (SAKGF) accepts fees for events/training in order to cover costs and further the work of the Foundation, not for a profit.
• All payments for events/training are to be received on registration, or in the case of Kitchen Garden Program Schools, at least ten days before the event/training commences.
• If payment of an event/training fee has not been received within the stated period, a registration may be cancelled. The registrant will be notified prior to this occurring.
• All registrations are deemed to have been placed by an appropriate, approved representative of an individual or organisation.
• Cancellations are subject to the terms and conditions outlined below.

Cancellation

• SAKGF understands that there are occasions when bookings for events/training need to be cancelled. We reserve the right to charge 50% of the full fee if less than five business days notice of cancellation is given. If you cancel less than two business days before the commencement of the event/training, or do not attend, you will be charged the full fee. This ensures that we are able to cover any fees or losses incurred for venue hire, equipment, materials and catering based on confirmed numbers.
• We are happy to accommodate a replacement participant, at no additional charge, when given at least two business days notice.
• Full refunds are only provided if the registrant provides more than five days notice or a medical certificate for the date in question.
• There may be times when the number of registrants does not cover the costs of providing an event/training session. SAKGF reserves the right to cancel events/training at its discretion and undertakes to give notice to registrants at least five days prior to the date in question.

Non-attendance

• Fees will not be refunded or allocated to another event/training session if a registrant fails to attend.

Waiting list

• Those who register for an event/training waiting list will be contacted only if a place becomes available. No priority will be given to particular individuals.

Catering

• SAKGF makes every effort to cater to individual dietary restrictions and food intolerances. However, catering is consumed at the participant’s own risk.

Transport and accommodation

• SAKGF provides transport to and from events/training in a small number of selected instances only. Transport and/or accommodation cannot be provided on request from registrants. Registrants are responsible for their own transport to and from events/training, and their own accommodation should it be required.

Access, safety and equity

• SAKGF events/training are conducted at premises deemed safe and accessible by the Foundation. However, events/training are attended at the participant’s own risk.
• Registrants are encouraged to notify SAKGF of any disability or medical condition that might impact on their experience of an event/training session. SAKGF makes every effort to provide accessible and equitable events/training that are open to everyone.

Copyright

• All content provided is copyright protected and owned by the Stephanie Alexander Kitchen Garden Foundation unless otherwise stated. This includes, but is not limited to, all text, images, graphics, audio commentary, visual presentations and any event/training-related files.
• Event/training material provided may not be copied, reproduced or distributed in any form without prior written consent.
• All material provided and presented during events/training is for the sole use of the participating individual and/or organisation.

Purchases

• You are entitled to a refund, exchange or credit if the product you have purchased from SAKGF is: faulty; significantly different to that shown or described to you; or unfit for the purpose for which it was intended.
• Please choose carefully. We do not automatically refund if you change your mind.
• You may be offered an exchange if you have simply selected the wrong item, provided the item is in re-saleable condition; that is, in its original packaging and unused.
• Returns for refund or exchange will only be accepted within seven days of your receipt of the goods.
• Return postage is at the customer’s expense unless the product purchased is defective.
• All returns should be sent to SAKGF, PO Box 104, Abbotsford, VIC, 3067 with a brief explanation.

Credit card transactions

Information provided to us for credit card transactions is not sold or distributed to third parties. Credit card payments are processed through Westpac with secure payment, using 128-bit SSL encryption. The information is collected solely for Westpac to securely process the order and is not retained or used by SAKGF for any other purpose.

Delivery

We deliver products using Australia Post. Shipping costs are calculated in the shopping cart and will be added to the order total at checkout. Orders are usually dispatched within 7 days. Please allow up to 14 days for delivery of any purchases.

Privacy

1. Overview

1.1 This policy explains how the SAKGF collects and handles your Personal Information.

1.2 The SAKGF is committed to protecting your privacy. Establishing a trusting relationship with our users is central to our work practices.

1.3 Privacy Legislation means, as applicable, the Privacy Act 1988 (Cth) or supplements, Australian state or territory privacy laws, or any legislation that replaces those laws, and the Health Records Act 2001 (Vic).

1.4 In this policy, Personal Information or Personal Data has the same meaning as in the Privacy Legislation.

2. Purpose

2.1 The purpose of this policy is to provide a framework for the SAKGF in dealing with privacy considerations.

2.2. In this policy we set out how SAKGF intends to collect, store, use, disclose, protect and otherwise handle your personal information and health information having regard to:

• (a) the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act);
• (b) the Information Privacy Principles (Vic IPPs) contained in the Privacy and Data Protection Act 2014 (Vic) (PDP Act);
• (c) the Health Privacy Principles (Vic HPPs) contained in the Health Records Act 2001 (Vic) (HR Act);
• (d) the Information Privacy Principles (NSW IPPs) contained in the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act);

(e) the Health Privacy Principles (NSW HPPs) contained in the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act); and
(f) any applicable code of practice made under the Privacy Act, the PDP Act, the HR Act, the PPIP Act and the HRIP Act,
(collectively, the Privacy Principles).

2.3 SAKGF does not intend to collect health information about you. However, if it does, the SAKGF will collect, hold, use and disclose that health information in accordance with this Privacy policy, the HR Act and the HRIP Act.

2.4 This Privacy policy does not constitute a contractual representation, promise, guarantee or warranty by the SAKGF to you as to the way the SAKGF will or may collect, store, use, disclose, protect or otherwise handle your information. Some matters are beyond the control of the SAKGF, such as third party malicious or criminal attacks.

2.5 This Privacy policy applies to the SAKGF and its related entities. This includes (but is not limited to) employees, officers, contractors, subcontractors, agents, volunteers, members, representatives and any subsidiaries. These related entities comply with the same obligations that the SAKGF must protect your personal information under this Privacy policy.

2.6 We may update this policy from time to time in accordance with legislative or operational changes. If you would like us to send you a copy or have comments or questions regarding this policy, please contact us using the details provided in clause 12.

3. Types of information we collect

3.1 The type of information that we collect, and hold depends on the nature of a person’s involvement with us.

3.2 We only collect your Personal Information where it is reasonably necessary for us to pursue one or more of our functions or activities including conducting a Project under a Grant Agreement with VicHealth between 2024-27, or where the law requires us to collect it.

3.3 Depending on the reason for collecting it, the Personal Information we collect may include (but is not limited to):

• (a) your name and contact details;
• (b) copies of identification documentation;
• (c) payment information and banking details if you are purchasing a product through us;
• (d) Personal Information contained in forms or applications;
• (e) Personal Information contained in queries, or feedback about our services;
• (f) usage data (which may include your IP address, the pages you have clicked through on our websites, websites that referred you to our sites, information about the device you are using, and your wider geographic location).

3.4 In some circumstances, we collect Sensitive Information, which requires a higher level of protection under the Privacy Legislation. We consciously limit how much Sensitive Information we collect, and we only collect it when we have your consent, and the collection is reasonably necessary for us to pursue one or more of our functions or activities. In this policy, Sensitive Information (or Special Category Data) has the same meaning as in the Privacy Legislation.

4. How we deal with unsolicited personal information

4.1 If we receive your Personal Information from you or a third party without having asked for it, and we determine we do not have a need for it, we will destroy or deidentify the information as soon as practicable, so long as it is lawful and reasonable to do so.

5. How we use your personal information

5.1 We use your Personal Information for a range of purposes, including:

• (a) providing you with our services;
• (b) improving our services through quality-improvement activities;
• (c) providing you with information, news, offers and surveys;
• (d) helping you to access the most appropriate information and tools associated with our websites;
• (e) providing you with support if you need technical assistance;
• (f) processing payments, including donations;
• (g) communicating important service-related announcements, changes to our services or policies, or password notifications;
• (h) providing you with information about your account and newsletters you have signed up to receive;
• (i) answering inquiries and resolving complaints;
• (j) complying with directions from authorities or legislative requirements;
• (k) screening for or preventing potentially fraudulent, illegal or abusive activity;
• (l) storing your data so it is available for your future use of our services.

5.2 We may also collect, hold, use and disclose Personal Information for purposes:

• (a) which we explained at the time of collection; or
• (b) which are required by law; or
• (c) for which you have provided your consent; or
• (d) which are necessary for maintaining the reliability and security of infrastructure and services.

5.3 We only use or disclose your Personal Information for the above purposes, or for purposes that you consent to, or for other related purposes that you would reasonably anticipate.

5.4 To the extent you submit content to public areas of our websites (for example, on a public online forum), it will be available to the public and we may reuse or republish it. If you request that such content be removed, we will do our best to promptly remove it.

5.5 If you have any concerns about us using your Personal Information in any of these ways, please notify us immediately.

6. How we store and handle your data

6.1 We hold Personal Information in several ways, including in platforms in the cloud, email contact lists, and in paper files held in secure offices.

6.2 We take reasonable steps to:

• (a) make sure that the Personal Information is accurate, up to date and complete, and (in the case of use and disclosure) relevant;
• (b) protect the Personal Information from misuse, interference, loss, unauthorised access, destruction, modification or disclosure;
• (c) destroy or permanently de-identify Personal Information that is no longer needed. (However, we will keep information for a longer period where necessary to comply with contractual, regulatory or legal requirements.)

6.3 Any Personal Information we provide to you through your online account(s) with SAKGF is password-protected.

• (a) You must not reveal or share your password with anyone.
• (b) We will never ask for your password, either verbally or through phone or email contact (whether initiated by you or us).

7. Accessing and correcting your Personal Information

7.1 If you would like:

• (a) confirmation that we hold your Personal Information;
• (b) to access your Personal Information; or
• (c) to correct your Personal Information
  you can request this by using the contact details in clause 12.

7.2 We will respond to your request within a reasonable period and within any timeframe specified by the Privacy Legislation. You may make an urgent request to access or correct your Personal Information, which should include the reasons for the urgency.

7.3 Prior to allowing access to your Personal Information, we may ask you to take steps to verify your identity.

7.4 We will allow you to access your Personal Information unless there is a sound reason not to, including where:

• (a) giving access would have an unreasonable impact on the privacy of others; or
• (b) we reasonably consider that your request for access is frivolous or vexatious; or
• (c) it is not permitted under the applicable Privacy Legislation.

7.5 If we refuse to give you access to your information, we will give you a notice setting out our reasons.

7.6 If you believe that information, we hold about you is incorrect or out of date, please contact us and we will take all reasonable steps to amend the information in line with your request.

7.7 If the information has been collected on behalf of others (refer to clause 4), we may direct you to contact the relevant party to initiate your request.

8. Third party service providers

8.1 SAKGF uses some third-party service providers (sub-processors) to support our websites and operations. These third-party service providers can include foreign entities that operate in an overseas jurisdiction.

• (a) We select reputable third-party service providers based on their published privacy policies.
• (b) By using our services and interacting with the SAKGF, you acknowledge that third party service providers that are foreign entities may not be required to protect your Personal Information in a way that provides comparable safeguards as those provided in the Privacy Legislation.

8.2 Any questions related to our use of third-party service providers can be directed to us via the contact details in clause 12.

9. Direct marketing

9.1 We only use your Personal Information to let you know about our products or services where we have your consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS or telephone.

9.2 We do not sell your Personal Information to any third party for the purposes of direct marketing.
Where you have consented to receiving marketing communications from us, your consent remains current until you advise us otherwise. You can opt out at any time, by:

• (a) contacting us as set out in clause 12;
• (b) advising us if you receive a marketing call that you no longer wish to receive; or
• (c) using the unsubscribe facility that we include in our electronic messages (such as emails and SMS).

9.3 We do not use your Sensitive Information (refer to clause 2.4) for the purposes of direct marketing

10. Notification of a data breach

10.1 If we become aware of unauthorised access to or loss of your Personal Information, we will promptly:

• (a) notify you;
• (b) investigate the cause;
• (c) do our best to remedy any consequences; and
• (d) tell you what steps we have taken to prevent a reoccurrence.

10.2 Unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, are handled in accordance with the relevant authority as follows: oaic.gov.au/privacy/notifiable-data-breaches

11. Complaints

11.1 If you have a complaint about how we collect or handle your Personal Information, please contact us using the contact details in clause 12. We treat any claims of privacy breaches seriously and will do our best to respond to your complaint within seven days of receiving it.

11.2 If you are unhappy with our response, you can refer your complaint as follows:

• (g) the Office of the Australian Information Commissioner (OAIC). Further information is available on the OAIC website: http://www.oaic.gov.au/privacy/privacy-complaints; or
• (h) the Office of the Victorian Information Commissioner (OVIC). Further information is available on the OVIC website: https://ovic.vic.gov.au/freedom-of-information/make-a-complaint/;
• (i) in relation to health information, the Health Complaints Commissioner (HCC). Further information is available on the Health Complaints Commissioner’s website: https://hcc.vic.gov.au/make-complaint; or
• (j) in relation to NSW personal and health information, the Information and Privacy Commission (IPC). Further information is available on the IPC website: https://www.ipc.nsw.gov.au/privacy/citizens/make-complaint.

12. How you can contact us

12.1 If you have any questions about this Privacy policy or the SAKGF’s management of your personal information, including queries, complaints, or requests for access to, or correction of, personal information, please contact SAKGF on:

• (a) Call us on 13000 SAKGF (13000 72543) or 03 8415 1993
• (b) Email us on info@kitchengardenfoundation.org.au
• (c) Send a letter to us at:
  Attention: Privacy Officer, SAKGF, PO Box 104, Abbotsford VIC 3067

13. Responsibilities

The SAKGF’s Board is responsible for developing, adopting and reviewing this policy.

The SAKGF’s CEO is responsible for the implementation of this policy, for monitoring changes in Privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.

14. Processes and procedures

14.1 Collection

• Only collect information that is necessary for the performance and primary function of the SAKGF.
• Collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
• Notify stakeholders about why we collect the information and how it is administered.
• Notify stakeholders that this information is accessible to them.
• Collect personal information from the person themselves wherever possible.
• If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.
• Collect Sensitive information only with the person’s consent or if required by law. (Sensitive information includes health information and information about religious beliefs, race, gender and others).
• The SAKGF will also collect sensitive information about an individual if such collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
  -is physically or legally incapable of giving consent to the collection; or
  -physically cannot communicate consent to the collection; or
• If the SAKGF collects information during the activities of a non-profit organisation—the following conditions must be satisfied:
  -the information relates solely to the members of the SAKGF or to individuals who have regular contact with it in connection with its activities;
  -at or before the time of collecting the information, the SAKGF informs the individual whom the information concerns that it will not disclose the information without the individual’s consent; and
  -the collection must be necessary for the establishment, exercise or defence of a legal or equitable claim.
• The SAKGF will collect health information about an individual if:
  - the information is necessary to provide a health service to the individual; and
  - the information is collected as required or authorised by or under law and in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.
• Determine, where unsolicited information is received, whether the personal information could have collected it in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information).

14.2 Use and Disclosure

• Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
• For other uses, SAKGF will obtain consent from the affected person.
• In relation to a secondary purpose, use or disclose the personal information only where:
  -a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
  -the person has consented; or
  -certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
• In relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and the SAKGF has provided an opt out and the opt out has not been taken up.
• In relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out).
• In each direct marketing communication with the individual, the SAKGF draws to the individual’s attention, or prominently displays a notice, that he or she may express a wish not to receive any further direct marketing communications.
• State in the SAKGF privacy policy whether the information is sent overseas and further will ensure that any overseas providers of services are as compliant with privacy as the SAKGF is required to be. Such disclosures will only be made if:
  - the overseas recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or
  - the individual consents to the transfer; or
  - the transfer is necessary for the performance of a contract between the individual and the organisation, or for the implementation of pre contractual measures taken in response to the individual’s request; or
  - the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the organisation and a third party; or
  - the organisation has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the National Privacy Principles.
• In relation to the overseas transfer of personal information, if it is impractical for the SAKGF to receive the person’s consent to that transfer, the SAKGF must have sufficient reasons to believe that the person would likely give consent could they be contacted.
• Provide all individuals access to personal information except where it is a threat to life or health or it is authorized by law to refuse and, if a person can establish that the personal information is not accurate, then the SAKGF must take steps to correct it. The SAKGF may allow a person to attach a statement to their information if the SAKGF disagrees it is inaccurate.
• Where for a legal or other reason we are not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties.
• Make no charge for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.
• Each written direct marketing communication with the individual must set out the SAKGF’s business address and telephone number and, if the communication with the individual is made by electronic means, a number or address at which the SAKGF can be directly contacted electronically.
• If the disclosure of sensitive information is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety and it is impracticable for the SAKGF to seek the individual’s consent before the use or disclosure and the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95A, the SAKGF may make such a disclosure.
• If the SAKGF has sufficient reasons to believe that an unlawful activity has been, is being or may be engaged in, and the disclosure of personal information becomes a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, the SAKGF may make such disclosures.
• The SAKGF may further disclose personal information if its disclosure is mandated by an enforcement body or is required for the following:
  - the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
  - the enforcement of laws relating to the confiscation of the proceeds of crime;
  - the protection of the public revenue;
  - the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
  - the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
• For this Clause, the SAKGF must make a written note of the use or disclosure.

14.3 Storage SAKGF

• Implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure.
• Before the SAKGF discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant. The SAKGF will have systems which provide sufficient security.
• Ensure that the SAKGF data is up to date, accurate and complete.

14.4 Destruction and de-identification SAKGF

• Destroy personal information once it is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
• Change information to a pseudonym or treat it anonymously if required by the person whose information the SAKGF holds.
• Do not use any government related identifiers unless they are reasonably necessary for our functions.

14.5 Data Quality

The SAKGF will:

• Take reasonable steps to ensure the information the SAKGF collects is accurate, complete, up to date, and relevant to the functions we perform.

14.6 Data Security and Retention

The SAKGF will:

• Only destroy records in accordance with the SAKGF’s Data Retention and Destruction policy.

14.7 Openness

The SAKGF will:

• Ensure stakeholders are aware of the SAKGF’s Privacy policy and its purposes.
• Make this information freely available in relevant publications and on the SAKGF website.
• On request by a person, the SAKGF must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

14.8 Access and Correction

The SAKGF will:

• Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
• If the individual and the SAKGF disagree about whether the information is accurate, complete and up to date, and the individual asks the SAKGF to associate with the information a statement claiming that the information is not accurate, complete or up to date, the SAKGF will take reasonable steps to do so.
• The SAKGF will provide to the individual its reasons for denial of access or a refusal to correct personal information.
• The SAKGF can withhold the access of an individual to his/her information if:
  - providing access would pose a serious and imminent threat to the life or health of any individual; or
  - providing access would have an unreasonable impact upon the privacy of other individuals; or
  - the request for access is frivolous or vexatious; or
  - the information relates to existing or anticipated legal proceedings between the SAKGF and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
  - providing access would reveal the intentions of the SAKGF in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
  - providing access would be unlawful; or
  - providing access would be likely to prejudice an investigation of possible unlawful activity; or
  - an enforcement body performing a lawful security function asks the SAKGF not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
• Where providing access would reveal evaluative information generated within the SAKGF in connection with a commercially sensitive decision-making process, the SAKGF may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
• If the SAKGF decides not to provide the individual with access to the information on the basis of the above-mentioned reasons, the SAKGF will consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
• The SAKGF may charge for providing access to personal information. However, the charges will be nominal and will not apply to lodging a request for access.

14.9 Identifiers

• The SAKGF will not adopt as its own identifier of an individual an identifier that has been assigned by any third party. It may however adopt a prescribed identifier by a prescribed organisation in prescribed circumstances.
• The SAKGF will not use or disclose the identifier assigned to an individual by a third party unless:
  - the use or disclosure is necessary for the organisation to fulfil its obligations to the agency; or
  - the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.

14.10 Anonymity

• Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.

14.11 Making information available to other organisations

The SAKGF can:

• Release information to third parties where it is requested by the person concerned.

15. Related policies and procedures

• Artificial Intelligence (AI)
• Bullying, Harassment and Discrimination
• Code of Conduct
• Complaints Management
• Cyber Security
• Data Retention and Destruction
• End User
• Fraud and Corruption Prevention
• Grievance and Dispute Resolution
• Information Security
• Records Management
• Social Media
• Whistleblower

16. Approval and review

This Privacy policy will be reviewed regularly and updated as necessary and is subject to change at any time, so we encourage you to review this Privacy policy at regular intervals. If the SAKGF changes this Privacy policy, an updated version will be posted on SAKGF's website to notify you of this change. By continuing to use SAKGF's services after that time you will be deemed to have accepted any changes to its Privacy policy.