Privacy policy


PRIVACY POLICY

The Innocent Souls Foundation Ltd
ABN 64 697 123 783

Effective Date: June 12th, 2026
Last Updated: June 16th, 2026

1. Introduction

The Innocent Souls Foundation Ltd ("TISF", "we", "our", or "us") is committed to protecting the privacy, confidentiality, integrity, and security of personal information entrusted to us.

As an Australian not-for-profit organisation dedicated to child protection, cyber safety, prevention, education, research, advocacy, victim support, safeguarding initiatives, and community engagement, we recognise the importance of maintaining the highest standards of privacy and information governance.

This Privacy Policy explains how we collect, use, disclose, store, protect, and manage personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, international privacy obligations including the General Data Protection Regulation (GDPR).

By accessing our website, engaging with our programs, making a donation, subscribing to communications, submitting information, applying to volunteer, or otherwise interacting with TISF, you acknowledge and agree that your personal information may be handled in accordance with this Privacy Policy.

2. About Us

The Innocent Souls Foundation Ltd
ABN: 64 697 123 783

Registered Address:
3 Amy Close
Wyong NSW 2259
Australia

Privacy Enquiries:
Email: info@tisf.org.au

Website: https://tisf.org.au

3. Scope of This Policy

This Privacy Policy applies to personal information collected through:

  • Our website;
  • Online forms;
  • Volunteer applications;
  • Donations and fundraising activities;
  • Newsletter subscriptions;
  • Event registrations;
  • Research initiatives;
  • Child protection and cyber safety programs;
  • Community engagement activities;
  • Safeguarding and reporting mechanisms;
  • Partnership enquiries;

Communications by email, telephone, social media, online platforms, and written correspondence.

4. Types of Information We Collect

Depending on the nature of your interaction with TISF, we may collect the following information.

Personal Information

  • Full name;
  • Email address;
  • Telephone number;
  • Residential or postal address;
  • Organisation name;
  • Position or professional title;
  • Date of birth where necessary;

Communication preferences.

Volunteer and Applicant Information

  • Curriculum vitae (CV);
  • Employment history;
  • Qualifications;
  • Certifications;
  • References;
  • Screening information;
  • Working with Children Check details where required by law.;

Donation Information

Where donations are accepted, we may collect:

  • Donor name;
  • Contact details;
  • Donation amount;
  • Transaction records;
  • Tax receipt information.

TISF does not store complete payment card information. Payment processing is conducted through authorised third-party payment providers.

Communications Information

  • We may collect information contained in:
  • Emails;
  • Enquiries;
  • Contact forms;
  • Feedback submissions;
  • Surveys;
  • Event registrations;
  • Support requests.

Child Protection and Safeguarding Information

Due to the nature of our charitable activities, we may receive information relating to:

  • Child welfare concerns;
  • Child safeguarding matters;
  • Online exploitation concerns;
  • Cyber safety reports;
  • Grooming indicators;
  • Victim support referrals;
  • Community reports;
  • Public submissions;
  • Research participation.

Sensitive Information

Where reasonably necessary and permitted by law, we may collect sensitive information, including:

  • Information relating to vulnerable individuals;
  • Child protection information;
  • Information provided as part of safeguarding reports;
  • Information relevant to referrals and support services;
  • Volunteer screening information.

Sensitive information will only be collected where reasonably necessary for our functions, with consent where required, or where authorised by law.

5. Information About Children

Protecting children is central to our mission.

TISF recognises that children and young people require enhanced privacy protections.

Where information relating to children is collected, we will take reasonable steps to:

  • Obtain parental or guardian consent where appropriate;
  • Limit collection to information reasonably necessary for the intended purpose;
  • Apply enhanced safeguards and security controls;

 

Restrict access to authorised personnel and approved service providers.

Parents, guardians, authorised representatives, schools, support organisations, or government agencies may provide information relating to children where appropriate and lawful.

If we become aware that information has been collected from a child inappropriately or without required authority, we will take reasonable steps to address the matter.

6. How We Collect Information

We may collect information directly from you when you:

  • Visit our website;
  • Contact us;
  • Subscribe to newsletters;
  • Register for events;
  • Make donations;
  • Submit forms;
  • Apply to volunteer;
  • Participate in research activities;
  • Request assistance;
  • Submit reports, concerns, referrals, or safeguarding information.
  • We may also collect information from:
  • Parents or guardians;
  • Government agencies;
  • Educational institutions;
  • Professional referees;
  • Partner organisations;
  • Publicly available lawful sources;

Third-party service providers acting on our behalf.

7. How We Use Personal Information

We may use personal information to:

  • Deliver charitable programs and services;
  • Advance child protection and safeguarding initiatives;
  • Provide cyber safety education;
  • Manage donations and fundraising activities;
  • Process volunteer applications;
  • Conduct research and prevention activities;
  • Assess safeguarding concerns;
  • Facilitate referrals to support services;
  • Respond to enquiries and requests;
  • Improve our programs and website;
  • Communicate with stakeholders;
  • Comply with legal obligations;
  • Protect children and vulnerable persons;

Prevent fraud, misuse, or unlawful conduct.

8. Safeguarding Reports, Community Concerns and Intelligence Submissions

TISF may receive reports, referrals, concerns, intelligence submissions, safeguarding information, cyber safety reports, or other information relating to children, vulnerable persons, online exploitation, grooming behaviours, child sexual abuse material, cyber-enabled offences, or related risks.

Individuals submitting information should provide only information reasonably necessary to explain the concern being reported.

TISF may assess, record, analyse, refer, share, or disclose such information where reasonably necessary to:

  • Protect children or vulnerable individuals;
  • Prevent harm;
  • Support safeguarding activities;
  • Facilitate referrals;
  • Meet legal obligations;

Assist authorised government agencies, regulators, child protection authorities, or law enforcement bodies.

Submission of information to TISF does not create a contractual relationship or a duty to investigate every report received.

TISF reserves the right to determine how information is assessed, prioritised, referred, retained, or otherwise managed in accordance with applicable laws, internal policies, available resources, and organisational objectives.

9. Research, Prevention and Public Interest Activities

As part of our charitable purposes, TISF may conduct:

  • Research activities;
  • Educational initiatives;
  • Prevention programs;
  • Community awareness campaigns;
  • Child protection projects;
  • Cyber safety initiatives;

Intelligence-led safeguarding activities.

Information may be aggregated, anonymised, de-identified, analysed, or used for statistical purposes to identify trends, risks, vulnerabilities, and opportunities for prevention and public benefit.

TISF will take reasonable steps to ensure that publicly released research does not identify individuals unless authorised by law or consent has been obtained.

10. External Support and Referral Services

TISF may facilitate referrals to external service providers including:

  • Psychologists;
  • Counsellors;
  • Healthcare professionals;
  • Legal practitioners;
  • Government agencies;
  • Community support organisations; 

Victim support services.

TISF does not provide psychological, medical, legal, or clinical treatment services unless expressly stated.

Services provided by third-party organisations are governed by their own privacy policies, professional obligations, and terms of service.

11. Disclosure of Personal Information

We may disclose personal information where reasonably necessary to:

  • Employees and authorised volunteers;
  • Professional advisers;
  • Technology providers;
  • Cloud service providers;
  • Payment processors;
  • Government agencies;
  • Child protection authorities;
  • Law enforcement agencies;
  • Regulators;
  • Contractors and consultants;

Partner organisations supporting our charitable objectives.

Information will only be disclosed where consent has been provided, disclosure is reasonably necessary for our activities, or disclosure is authorised or required by law.

12. International Disclosure

Some service providers engaged by TISF store or process personal information outside Australia. These providers are located primarily in the United States, and in some cases the European Union (including Ireland).

Current overseas service providers include:

  • Shopify Inc. (United States) — website platform, online store, donation and product transactions, customer/donor records, form submissions
  • Microsoft 365 (United States / EU) — email, document storage, collaboration tools
  • Google LLC (United States / EU) — Google Analytics, Google Workspace, cloud infrastructure
  • Dropbox Inc. (United States) — file storage and document management
  • Canva Pty Ltd (Australia, with US/EU infrastructure) — design and content creation
  • Recharge Payments (United States) — subscription and recurring donation processing
  • Email marketing platform(s) (United States) — newsletter and communication delivery

The categories of personal information transferred to overseas recipients are limited to:

  • Contact details (name, email address, phone number)
  • Donation and transaction records
  • Email communications and newsletter subscriptions
  • Website analytics data (IP address, device and browser information, usage data)
  • Form submissions and event registrations

Safeguarding reports, child protection information, and sensitive personal information are not intentionally transferred to overseas systems and are managed under enhanced access controls.

TISF takes reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles. These steps include:

Engaging providers that are bound by contractual data protection obligations, including Data Processing Addenda (DPAs) and, where applicable, Standard Contractual Clauses (SCCs);

Selecting providers subject to privacy frameworks that provide substantially similar protections to Australian law; and

Where required, obtaining individual consent to overseas disclosure prior to transfer.

Where it is not practicable to ensure an overseas recipient complies with the APPs, TISF will notify individuals before disclosure and, where required, seek consent in accordance with APP 8.2(a).

Additional third-party applications installed on our platform may have access to contact, transaction, or usage data as part of their integration. A current list of installed applications is maintained internally and reviewed periodically.

Individuals may contact us at info@tisf.org.au with any questions about overseas disclosure of their personal information.

13. Cookies, Analytics and Website Technologies

Our website uses cookies and similar technologies to improve security, functionality, performance, and user experience.

Information collected may include:

IP address;

Device information;

Browser type;

Operating system;

Geographic location data;

Website usage information;

Referring websites.

We currently use, or may implement in the future:

Google Analytics;

Website performance monitoring tools;

Security monitoring technologies;

Cookie consent management systems.

Users may manage cookie preferences through browser settings and available website controls.

Where required, consent will be obtained before non-essential cookies are activated.

14. Data Security

TISF takes information security seriously and implements administrative, technical, and physical safeguards designed to protect personal information.

Measures may include:

  • Multi-factor authentication;
  • Access controls;
  • Role-based permissions;
  • Encryption technologies;
  • Secure cloud storage;
  • Cybersecurity monitoring;
  • Staff and volunteer confidentiality obligations;

Information governance procedures.

While we take reasonable precautions, no electronic transmission or storage system can be guaranteed to be completely secure.

15. Data Retention

Personal information is retained only for as long as reasonably necessary to:

  • Fulfil operational requirements;
  • Meet legal obligations;
  • Protect children and vulnerable persons;
  • Maintain organisational records;
  • Resolve disputes;
  • Support safeguarding and compliance activities.

When information is no longer required, it will be securely destroyed, deleted, anonymised, or de-identified where appropriate.

16. Marketing Communications

From time to time, TISF may send:

  • Newsletters;
  • Program updates;
  • Educational resources;
  • Event invitations;
  • Fundraising communications;

Awareness campaigns.

Individuals may unsubscribe at any time using the unsubscribe mechanism provided or by contacting us directly.

17. Access and Correction Rights

Individuals may request access to personal information held by TISF, subject to applicable legal exceptions.

Individuals may also request correction of inaccurate, incomplete, outdated, or misleading information.

Requests should be submitted to:

Email: info@tisf.org.au

We may require reasonable verification of identity before processing requests.

18. GDPR Rights

Where applicable under the GDPR or similar international privacy laws, individuals may have additional rights including:

  • Right of access;
  • Right of rectification;
  • Right of erasure;
  • Right to restrict processing;
  • Right to object to processing;
  • Right to data portability;
  • Right to withdraw consent.

Requests may be submitted to info@tisf.org.au.

19. Privacy Complaints

If you believe TISF has breached applicable privacy obligations, you may submit a complaint to:

Privacy Officer
The Innocent Souls Foundation Ltd
Email: info@tisf.org.au

We will investigate complaints and respond within a reasonable timeframe.

If you remain dissatisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

20. Third-Party Websites

Our website may contain links to third-party websites.

TISF is not responsible for the privacy, security, content, or practices of external websites or services.

Users should review the privacy policies of those third parties independently.

21. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in:

  • Laws and regulations;
  • Technology;
  • Organisational practices;
  • Programs and services;
  • Security requirements.

 

The most current version will always be published on our website.

This policy is reviewed at least annually by the Board

22. Contact Us

The Innocent Souls Foundation Ltd
ABN 64 697 123 783

3 Amy Close
Wyong NSW 2259
Australia

Email: info@tisf.org.au

Website: https://tisf.org.au

The Innocent Souls Foundation is committed to maintaining the trust of children, families, supporters, volunteers, donors, partners, and the broader community through responsible, transparent, and secure management of personal information.