Privacy Policy

Congratulations to our winners. Thank you to all our finalists and applicants, everyone who voted and the judging panel.


1. Our approach to privacy

As host of the Out of the Blue Box Challenge (OotBB), the Great Barrier Reef Foundation (GBRF) respects your privacy.

We have developed our own privacy policy, which embodies the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cwlth) (Privacy Act). Where appropriate, the GBRF will handle personal information relying on the employee records exemption and the related bodies corporate exemption in the Privacy Act.

GBRF may modify or update its privacy policy from time to time by publishing it on the GBRF website. We encourage you to check the GBRF website periodically to ensure that you are aware of our current privacy policy.

2. Collecting your personal information

Types of personal information collected

The GBRF collects personal information from individuals who are connected to our operations and activities including demographic information (e.g. name, date of birth, address), financial information (e.g. bank account and credit details) and employment information.

Generally, if appropriate, we will tell you why we are collecting personal information when we collect it and how we plan to use it, or these things will be obvious when we collect the information.

How is personal information collected?

We collect personal information from a variety of sources including donors, directors, members, Chairman Panel members, employees, volunteers, researchers/research organisations and other individuals and/or entities who may have information relevant to the GBRF activities.

The GBRF will generally collect information directly from the individual to whom it relates. However, where it is not reasonable or practicable for us to collect this information directly from the individual, we may collect information from a third party, such as a contractor or third party service provider.

Where personal information is not collected directly from the individual concerned, the GBRF will take reasonable steps to notify you of the collection or otherwise make you aware of it. Personal information will only be collected in a manner that is lawful and fair. If you choose not to provide certain personal information to us, we may not be able to provide you with the services you require or communicate with you.

Purpose of collection of personal information

The GBRF collects personal information from a variety of sources for the purposes of carrying out its functions as a conductor/funder of research, fundraising organisation, employer and other associated functions. The types of personal information we collect, and the purposes of collecting that information, include the following:

  • To communicate with our members, volunteers, donors and supporters we collect personal information (such as names, addresses and other contact details) about our members, volunteers, current and potential donors and supporters so that we can encourage, record and acknowledge their support and communicate with them about our activities, initiatives and programs.
  • Assisting with your queries You may also choose to provide us with your name or other contact details when you call us by phone, write to us or contact us using our website so that we can respond to your requests for information or comments. For example:
  • when you make an enquiry using the GBRF website, you may be asked to provide your name, email address, telephone number and other contact information;
  • we collect contact details (which may include names and email addresses) when individuals subscribe to the GBRF newsletter. Recipients may contact us to have their contact information removed from our distribution lists.
  • Reporting to funding bodies or government agencies we provide aggregated or de-identified information to funding bodies and government agencies for the purposes of reporting our research. Though we will take steps to ensure that personal information is not passed on in such reports, in some cases, personal information may be disclosed.
  • As part of our general organisational activities the GBRF also collects personal information about individuals who are, or are employed by, our volunteers, researchers/research organisations, suppliers (including service and content providers), contractors, dealers, agents and other individuals and/or entities who may have information relevant to the GBRF activities.
  • Employees, volunteers and contractors When you apply for a job (as a volunteer or employee) or contract with us we may collect certain information from you (including your name and contact details, information about your working history and relevant records checks), from any recruitment consultant and from your previous employers and others who may be able to provide information to us to assist us in our decision on whether or not to make you an offer of employment or engage you under a contract. This privacy policy does not apply to acts and practices in relation to employee records of our current and former employees which are exempt from the Privacy Act.
  • To comply with the law GBRF may also collect information from you because we are required or authorised by an Australian court or tribunal order to collect that information. We will advise you if the collection of this information is required or authorised by law and provide you with details of the law, court or tribunal order.

Collecting sensitive information

Sensitive information means information (or an opinion) about an individual’s race or ethnic origin, political opinions or membership of a political association, membership of a trade union or professional/trade association, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, health information (including genetic information and biometric information/templates) and criminal records. The GBRF will not collect sensitive information unless:

  • the information relates to the GBRF’s activities and the information relates solely to the members of the GBRF or to individuals who have regular contact with the GBRF in connection with its activities (where it is permitted to do so);
  • we are authorised or required by law to do so; or
  • you have consented to us collecting that information from you for a particular purpose, in which case we will only use the information for that purpose.
3. Use and disclosure of your personal information

The GBRF will only hold, use, or disclose information for the purpose(s) for which it was collected, in order to carry out our functions (including as described above), or otherwise as required or authorised by law. Where your information is disclosed to an individual or organisation external to the GBRF, we generally require that third party to protect your information in the same way we do.

For the purposes we have described, we may disclose your personal information:

  • to any of our partners or related bodies corporates;
  • to our suppliers (including contractors and service providers), professional advisers, dealers and agents or other individuals/organisations who collaborate with us;
  • to anyone to whom our assets or business (or any part of it) is transferred or disclosed;
  • where you have otherwise consented; or
  • as otherwise required or authorised by law.

Generally, the GBRF will only transfer or disclose personal information overseas where the individual expressly consents to such transfer or disclosure. However, given the amount of electronic information collected by the GBRF and that many software vendors and service providers are outside of Australia, personal information may be disclosed, transferred to, accessed from, processed in, stored or shared outside of Australia in the course of managing that information. We will therefore take such steps as are reasonable in the circumstances to ensure that the overseas recipients of your personal information do not breach the APPs in relation to the information.

4. Where is your personal information stored?

Reasonable steps are taken to seek to protect all personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. We use a variety of physical and electronic security measures, including restricting physical access to our offices, and firewalls and anti-virus software to seek to protect your personal information. However, the internet is not a secure environment. If you use the internet to send us any information, including your email address, it is sent at your own risk.

Your personal information will be stored on a protected electronic database, which may be our database, a database maintained by an overseas cloud hosting service provider or other overseas third party database storage or service provider.

5. Cookies and IP address tracking

When you visit the OotBB website or download information from it, our website tracks a record of your visit and records information including your internet address, your domain name (if applicable), and the date and time of your visit to our website. Our ISP also collects information such as the pages our users access, the documents they download, links from other sites they follow to reach our site, and the type of browser they use. This information is anonymous and is used for statistical and website development purposes only.

6. Access to your personal information

You have a right to access and seek correction of personal information we hold about you at any time by contacting us in writing (using the contact details below). There are some circumstances where we are permitted to deny access to personal information such as (but not limited to) where the access would have an unreasonable impact on the privacy of others or where granting access is unlawful or denying access is required or authorised by law. If we deny you access, we will provide with our reasons for refusal. The GBRF is allowed to impose reasonable charges for providing access.

7. Correction of your personal information

If you think any information we hold about you is incomplete, inaccurate or out of date, or if you have any concerns about the handling of your personal information, please contact our Privacy Compliance Officer as per the details below and we will take reasonable steps to correct that information.

8. Complaints

If you wish to make a complaint about the manner, in which we have collected, handled, used or disclosed your personal information (including if you think we have breached the Australian Privacy Principles), please contact our Privacy Compliance Officer in writing as follows:

Privacy Compliance Officer
Great Barrier Reef Foundation
GPO Box 1362


We will investigate the complaint and respond to you promptly. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner.

Last updated: 16 July 2018

Meet the winners of the People's Choice Award!

Sign up to the newsletter

  • This field is for validation purposes and should be left unchanged.
Out of the Blue Box is supported by:
Out of the Blue Box partners: