BRIDGE Privacy Notice

Last updated 9 March 2022

Building Resources in Democracy, Governance and Elections (BRIDGE) is a partnership between the Australian Electoral Commission, the International Foundation of Electoral Systems, the International Institute for Democracy and Electoral Assistance, the United Nations Development Programme and the United Nations Department of Political and Peacebuilding Affairs(each a Partner and together the Partnership).

BRIDGE facilitates professional development programs and workshops with a particular focus on electoral processes.

We are committed to managing personal information in accordance with relevant local privacy and data protection laws which may apply to us such as the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act), the General Data Protection Regulation (EU) 2016/679 (GDPR) and other local applicable privacy laws. This privacy notice explains how we manage your personal information in connection with your dealings with BRIDGE.

In this privacy notice, “we“, “us“, and “our” refers to BRIDGE and “you” refers to any individual we collect personal information about.

This privacy notice applies to all personal information collected by us, or submitted to us, This privacy notice applies to all personal information collected by us, or submitted to us, whether offline (collected at a workshop you attend) or This privacy notice applies to all personal information collected by us, or submitted to us, whether offline (collected at a workshop you attend) or online, including personal information collected or submitted through our website (https://www.bridge-project.org/) or via email as well as through our official social media channel pages which we control (such as our Facebook and Twitter pages).

This privacy notice does not cover any other activities or dealings with a BRIDGE Partner outside of BRIDGE or how a BRIDGE Partner generally handles personal information. For this information you should refer to the privacy policy or privacy notice of the relevant BRIDGE Partner.

What information does BRIDGE collect about you?

We collect personal information from you if you are:

  • a participant or potential participant in one of our workshops or programs (for example you work at an election commission, are an electoral management body personnel, work in security forces, are a university student, work in policy, research, or for a government agency or ministry for electoral management);
  • a facilitator or potential facilitator of one of our programs, courses or workshops; or
  • you otherwise interact with us – for example you supply us with products or services or otherwise deal with us in the course of us carrying out our functions and activities.

We generally deal directly with you. When you enquire about one of our programs, courses or workshops, or we otherwise deal with you, a record is generally made which may include your personal information. In certain circumstances some of this information may be collected by one of our facilitators and then provided to us. 

The type of personal information that we collect will vary depending on the circumstances of collection and the purpose for which we are dealing with you, but will typically include:

  • personal details such as your name, title, email address, postal address and other business contact details;
  • geolocation information based on your online interactions with us;
  • information about your employer or an organisation that you represent;
  • your professional details (such as your job title);
  • any additional personal information you provide to us, or authorise us to collect, as part of your interaction with BRIDGE; and
  • other contact details regarding our interactions and transactions with you and the organisation you represent (if applicable).

The way in which we handle the personal information of visitors to our websites is discussed below.

How and why does BRIDGE collect and use your personal information

We will use your personal information to respond to you when you contact us with an inquiry.

If you register with us via a BRIDGE facilitator course, sign up to receive news and information, or communicate with us through our website or social media channels, we may contact you via email or regular mail to tell you about BRIDGE updates through such means as a BRIDGE newsletter.

BRIDGE collects personal information reasonably necessary to carry out our functions and activities, to assess and manage our participant, facilitator and stakeholder needs, and to provide our programs, workshops, courses and other services.

We may also collect personal information to fulfil administrative, regulatory or legal functions associated with these functions and activities, for example entering into contracts with you and/or third parties and managing stakeholder, government and other business relationships.

The purposes for which BRIDGE usually collects and uses personal information depends on the nature of your interaction with us, but may include:

  • responding to requests for information and other general inquiries about our programs, courses, workshops or other services;
  • managing our relationship with you if you are a participant, facilitator, supplier, stakeholder or other business partner;
  • managing, planning, advertising and administering programs and events which may be of interest to you including workshops, programs and training courses;
  • researching, developing and expanding our services, programs, courses or workshops;
  • informing you of our functions, activities and services;
  • recruitment processes (including for facilitators, staff and other contractors); and
  • responding to enquires and complaints.

We may collect and update your personal information over the phone, by email, over the internet or social media, or in person.  We may also collect personal information about you from other sources, for example via:

  • one of our facilitators;
  • one of our facilitators;
  • a BRIDGE Partner or its affiliates;
  • an organisation you work for; or
  • third party suppliers and contractors who assist us with our functions and activities.

BRIDGE may also collect and use personal information for research purposes and to innovate our delivery of workshops, courses, programs and other services.

In some cases, it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party’s, statutory or public functions or because the law permits or requires us to.

How does BRIDGE interact with you via the internet?

You may visit our website without identifying yourself. If you identify yourself (for example, by logging into a customer specific portal or by providing your contact details in an enquiry), any personal information you provide to BRIDGE will be managed in accordance with this privacy notice.

Our website also collects information in aggregate that is not personally identifiable. This information allows us to track general patterns, such as site traffic. When visiting this website the BRIDGE site server makes a record of the visit and logs the following information for statistical purposes:

  • the user’s server address – this allows us to consider the visitors who use the site most, and tailor the site to their interests and needs;
  • the user’s operating system (for example Windows, Mac etc.) – this allows us to tailor browser or platform specific parts of the site to each operating system because browsers act differently on each platform;
  • the user’s top level domain name (for example .com, .gov, .org etc.) – this can allow us to tailor information relevant to different domains;
  • the date and time of the visit to the site – this is important for identifying the website’s busy times and ensuring maintenance on the site is conducted outside these periods;
  • pages accessed and documents downloaded – this indicates to us which pages or documents are most important to our users and also helps identify important information that may be difficult to find;
  • duration of the visit – this indicates to us how interesting and informative our site is to our users;
  • geographic location – this shows us how well marketed our site is internationally;
  • the site visited before the BRIDGE website – this helps us determine the interests of our users and which sites are providing links to ours as well as sites where we may be able to seek links;
  • the type of browser used – this is important for browser specific coding e.g. Javascript.

Links

This site con

This site contains links to third-party websites including links to each BRIDGE Partner website.

BRIDGE is not responsible for the privacy practices or the content of such websites. BRIDGE has no knowledge if cookies or other tracking devices are used these websites that are linked to our website. If you go to a link to another website, you should read that website’s privacy policy if you want to know how it will handle your personal information.

Can you deal with BRIDGE anonymously?

BRIDGE will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for BRIDGE to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to use our services or participate in our workshops, courses, programs events or activities we manage or deliver.

How does BRIDGE hold information?

BRIDGE stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas).  Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

BRIDGE maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

How long will your personal information be kept by BRIDGE

We will only keep the personal information we collect about you for as long as is necessary for the purposes set out in this privacy notice or as required to comply with our legal obligations. The retention periods we apply take account of:

  • legal and regulatory requirements and guidance including obligations under the Archives Act 1983 (Cth);
  • limitation periods that apply in respect of taking legal action;
  • our ability to defend ourselves against legal claims and complaints; and
  • the operational requirements of our operation.

We take steps to destroy or de-identify information that we no longer require or as required by an applicable law.

Does BRIDGE use or disclose your personal information for direct marketing?

BRIDGE may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you or as otherwise permitted under applicable privacy laws.

This means under certain privacy laws we may not need your consent to send you materials which may be considered marketing communications such as our newsletter. However, where consent is required under applicable privacy laws we obtain this in accordance with relevant laws. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or using the opt-out functionality contained in the electronic message.

If you opt-out of receiving marketing material from us, BRIDGE may still contact you in relation to its ongoing relationship with you.

Does BRIDGE disclose your personal information?

We may disclose your personal information to other recipients or categories of recipients, including to Partners who perform functions and activities for BRIDGE and to their, or our, support service providers and data providers. We may transfer your information outside the jurisdiction in which you are located (how this is done is discussed in detail below).

We will comply with relevant privacy laws if we share your information with third parties.

The recipients, or categories of recipients, of your personal information may include:

  • Partners who form part of BRIDGE, where the Partner provides back-end support to us; other participants in BRIDGE
  • our third-party service providers such as entities which assist with IT services and hosting data;
  • our advisers (including accountants, lawyers and other professional advisers) who provide services to us or to a Partner, and
  • Australian and overseas regulators and authorities in connection with their duties.

Does BRIDGE disclose your personal information overseas?

BRIDGE is a global Partnership and works with Partners, participants, facilitators, service providers, and other stakeholders across the globe. It is likely that your personal information will be disclosed to overseas recipients, including to service providers who may handle, process or store your personal information on our behalf.

BRIDGE Partners have operations in Australia, the United States of America and Sweden.

We generally collect personal information about you in the jurisdiction in which you are located, however, it is likely that your personal information will be transferred outside of the jurisdiction it was collected. The recipients of such information may be located in Australia, or elsewhere, where personal information is stored.

We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable privacy laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area.

There are other circumstances where we may disclose your personal information to an overseas recipient. For example, where you have provided your consent, or we are otherwise permitted to do so under the APPs or other relevant laws.

Residents in the European Economic Area

If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):

  • Access: you have the right to request a copy of any personal information we hold about you. Any request for access to or a copy of your personal information must in writing, and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
  • Rectification: you have the right to the rectification of your personal data, if you consider that it is inaccurate.
  • Deletion: you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • Restriction: you have the right to the erasure of your personal information, if you consider that we do not have the right to hold it.
  • Portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
  • Objection: you have the right to object to your personal information being processed for a particular purpose or to request that we stop using your information.
  • Complaint: If you are unhappy with our treatment of your personal information, and you have contacted us as set out below, you have the right to lodge a complaint with the local data protection authority.

If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent, we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

To make a request to exercise any of these rights (where applicable) in relation to your personal information, please contact us using the contact details below.

How can you access or seek correction of your personal information?

You are entitled to access your personal information held by BRIDGE on request. To request access to your personal information you can contact our Privacy Officer using the contact details set out below.

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.

However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your personal information in certain circumstances in accordance with the applicable privacy law. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

What should you do if you have a complaint about the handling of your personal information?

You may contact BRIDGE to complain about the way in which your personal information has been handled.

You may make a complaint about privacy to the Privacy Officer at the contact details set out below.

The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.

If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to your complaint, or you consider that BRIDGE may have breached the APPs or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.

If you are outside of Australia, you may wish to take your complaint up with the local data protection authority in your jurisdiction.

How changes are made to this privacy notice

BRIDGE may amend this privacy notice from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes.

Need further information

If you have any privacy concerns, please contact: bridge@aec.gov.au