Privacy & Confidentiality Policy


    This policy explains how Children and Young People with Disability Australia (CYDA) handles personal information. 

    CYDA is the National Disability Representative Organisation for children and young people (aged 0-25) with disability. CYDA has the mandate to advocate for children and young people with disability living in Australia and provides a link between the direct experiences of children and young people with disability and their families to federal government and other key stakeholders. To learn more about CYDA visit

    CYDA is committed to protecting the privacy and confidentiality of all personal information which the organisation collects, holds and administers. CYDA respects everyone’s rights to privacy and any personal information collected by CYDA is managed in accordance with the privacy principles contained in the Australian Privacy Act (1988)

    What is Personal Information

    Personal information is almost any information that can be used to personally identify a person such as name, address, phone number, email address, occupation or photographs etc. Some personal information is considered sensitive, such as ethnic origin, sexual orientation or criminal record. It may also includehealth information which is information that relates to an identifiable living or deceased person and concerns their health, disability or genetic make-up.

    What personal information does CYDA collect

    CYDA collects a range of personal information from members, staff, volunteers and the general public that is necessary and required for its primary functions and activities and for legal requirements only.

    CYDA may collect the following types of personal information:

    • name;
    • mailing or street address;
    • email address;
    • telephone number;
    • age or birth date;
    • profession, occupation or job title;
    • details of any calls or enquiries made to CYDA as well as any additional information that was necessary to respond to those calls or enquiries;

    information obtained through surveys and consultations with CYDA members, stakeholders and the general public;

    any additional information relating to a person that is provided to us directly through our websites or indirectly through use of our websites or online presence, or otherwise.

    CYDA may also collect some information that is not personal information because it does not identify any individual. For example, CYDA may collect anonymous answers to surveys or aggregated information about visitors to the CYDA website.

    How does CYDA use personal information

    The main ways CYDA uses personal information are to:

    • help advocate for people with disability and any related issues
    • inform submissions and/or publications on disability related matters
    • answer enquiries and resolve complaints
    • provide updates on our publications and services
    • recruit and manage staff
    • meet our workplace safety obligations.

    CYDA also uses this information, after removing identifying details, to meet its reporting obligations.

    When does CYDA disclose personal information

    CYDA will generally only disclose information for the primary purpose for which it was collected or a directly related secondary purpose where the individual would reasonably have expected us to use it for those purposes.

    For other uses CYDA will obtain consent from the affected person, unless the disclosure is required by law or the need for the disclosure (e.g. health & safety of individuals) outweighs the need for privacy

    How does CYDA ensure the quality of personal and health information recorded

    CYDA takes all reasonable steps to ensure the information collected about individuals is accurate, up-to-date and relevant to the functions and activities of the organisation. CYDA will ask people to tell us when their personal information changes so we can update our records. Where possible, CYDA checks the accuracy of information before it is used.

    How does CYDA keep personal and health information safe

    Personal information held by CYDA may be in either hard copy or electronic form. CYDA does its best to protect information from loss, misuse, unauthorised access, modification and disclosure. To do this CYDA uses procedural, physical and software safeguards.

    The CYDA website and social media pages are linked to the internet which can be insecure. CYDA cannot provide any assurance regarding the security of transmission of information sent to us online. CYDA also cannot guarantee that information supplied will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information transmitted to CYDA online is transmitted at a person’s own risk.

    CYDA requires staff to handle personal information with care and access only what they need to do their job.

    CYDA destroys personal information when it is no longer required.

    Anonymity of Personal Information

    In the course of its advocacy work CYDA frequently uses personal experiences and stories in its communications and publications. Members or individuals who have provided this information will not be identified unless they have specifically consented to be identified. CYDA will also adhere to any requests from members or individuals to not use their personal experiences.

    CYDA can change information to a pseudonym or treat it anonymously if required by the person whose information CYDA holds. CYDA will not use any government related identifiers unless they are reasonably necessary.

    CYDA also provides members and Stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.

    CYDA may collect sensitive information

    CYDA does sometimes ask for sensitive information (as defined in the Privacy Act 1988). Such information is only ever collected with the person’s consent or if required by law.

    Personal Information and Social Media

    CYDA social media pages including Facebook and Twitter are public pages on the internet. Any personal information posted on these sites are provided at a person’s own risk as CYDA cannot guarantee the privacy of the information. CYDA uses information provided on these social media sites, such as experiences and stories to inform our advocacy work.


    The CYDA website may contain links to other websites operated by third parties. CYDA make no representations or warranties in relation to the privacy practices of any third party website and are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing individuals about their own privacy practices.

    Accessing and Updating Personal Information

    CYDA will, on request by an individual, give the individual access to their personal information except where it is a threat to life or health, it could interfere with the privacy of others or if it is authorized by law to refuse. If CYDA are unable to provide access to personal information the person will be informed in writing of the reasons.

    If a person is able to establish that their personal information is not accurate, then CYDA will take steps to correct it.

    CYDA will make no charge to individuals for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.

    Complaints about Privacy and Confidentiality

    Any individual who has a complaint about how CYDA has handled their personal information should contact CYDA as soon as possible (see for contact information). CYDA aims to resolve complaints quickly and fairly.

    If however CYDA cannot resolve the complaint directly a complaint can be lodged to the Office of the Australian Information Commissioner.


    The Board of CYDA is responsible for adopting the Privacy & Confidentiality Policy

    CYDA’s Board, Chief Executive Officer and all staff members, contractors and volunteers are responsible for the implementation of the Privacy & Confidentiality Policy and Procedures.

    The Chief Executive Officer is responsible for monitoring changes in Privacy legislation and for advising the board of the need to review the Privacy & Confidentiality Policy.