Red Union Group
Privacy Policy

WHO WE ARE

Red Union Support Hub ("RUSH") operates as NPAA Services Pty Ltd (ABN: 46 072 946 153). RUSH is the overarching service organisation that processes memberships, coordinates services, and connects you with the right support across the Red Union network.

This Privacy Policy applies across all Red Union entities that have adopted it, ensuring members receive consistent privacy protection no matter which service they use.

"We" includes:

• RUSH (the service hub)
• Our employees and contractors
• Affiliated professional associations that have adopted this privacy policy (listed in the side-bar)
• Affiliated service entities that have explicitly adopted this privacy policy (that may be listed in the sidebar)

Contact Us:

• Privacy Officer: Nikolai Martinovic
• Email: hotline@redunion.com.au
• Phone: 1300 263 374
• Address: 14-18, 17 Bowen Bridge Road, Bowen Hills QLD 4006

WHAT INFORMATION WE COLLECT

When you join or use our services, we collect from you:

Membership Details

• Name, contact details, address, profession
• Workplace information and employment status
• Professional qualifications and certifications
• Payment and membership history

Case and Support Information

• Workplace disputes or allegations you're facing
• Employment documentation and correspondence
• Health information (only when relevant to your case or workplace safety)
• Salary and employment conditions (when needed for representation)

Website and Digital Activity

• IP address, device type, browser information
• How you use our website and member portal
• Live chat conversations and email exchanges with our team
• Social media interactions

We collect this through:

• Membership applications and forms
• Phone calls, emails, and live chat
• Our member portal and website
• In-person consultations
• Members’ referrals
• Publicly available sources (where permitted)
• Third-party service providers (e.g., data enrichment services, marketing platforms)
• Social media platforms (where you've made information public)
• Business partners who refer you to our services (with your consent)

If you don't provide required information or consent, we may not be able to process your membership, provide certain services, or satisfy a request.

COOKIES AND TRACKING

We use cookies for three reasons:

1. Website function - Keep you logged in for member only access, remember preferences, save live chat logs
2. Analytics - Google Analytics, Facebook Pixel, TikTok tracking to understand what content is preferred
3. Marketing - Show relevant promotional materials (using hashed data, not your personal details)

You can disable cookies in your browser, but parts of our website won't work properly.

HOW WE USE YOUR INFORMATION

Here's what we do with your data:

Membership Services

• Process your membership and payments
• Provide 24/7 support hotline access
• Manage your member benefits (e.g. referral rewards, access to support, discounts)
• Send updates about your membership
• Deliver letters relating to your membership

Workplace Support and Representation

• Handle your workplace disputes and allegations
• Coordinate with our industrial team
• Refer you to legal services when needed (with your consent)
• Manage insurance claims and coverage

Professional Association Advocacy

• Campaign for better workplace conditions 
• Run collective advocacy initiatives
• Submit to government and employers on systemic issues
• Track industry trends affecting members
• Identify if a certain workplace or employment issue might affect you

Service Coordination

• Connect your details with Red Academy for training and CPD
• Manage Red Group Retail discounts (e.g. BlueCard) and salary sacrifice benefits
• Share basic contact information with Red Tax so they can offer member deals (Red Tax has its own privacy policy)
• Other affiliated member services as required

Communication

• Membership updates and service notifications
• Marketing about new benefits and campaigns (you can opt out)
• Industry news relevant to nurses and teachers

Automated IT processes

We use automated systems to:

• Match contact data between our services (e.g. Red Academy access and our Customer Relationship Management system)
• Provide you with written basic support for our services (e.g. through automated chatbots)
• Guide decision making and assist the efficiency and accuracy of human decision makers

These automated processes do not make decisions that significantly affect you without human review. You can request human review of any decision made using your information by contacting us.

Member Referral Program

• Track referral codes and reward eligible members
• Contact referred individuals (with referrer's implicit consent through the referral action)
• Process referral rewards and discounts

We ensure that information is only used for a proper purpose. We do not sell data to data brokers or use systems that sell information you provide to us. 

WHO WE SHARE YOUR INFORMATION WITH

Within the Red Union Network

Your information flows between RUSH and our affiliated entities when you use their services:

• Professional associations (for advocacy and collective campaigns)
• Basic login, contact, and profession information to Red Academy (for training and professional development)
• Basic contact information to access Red Union group discounts (for member benefits and discounts, such as bluelight card)
• Employees and contractors who deliver RUSH services

Employees, contractors, and the associations adopt this privacy policy. 

External Third Parties

Legal and Professional Services (With Your Consent)

• Law firms and solicitors (when you need legal representation)
• Barristers and legal counsel (for case representation)
• Expert witnesses (for dispute resolution)
• Courts and tribunals (when you're in proceedings)
• Fair Work Commission (if we're representing you)

We only disclose your sensitive information to external services with your explicit consent, when it's appropriate for services you seek, or if clearly compelled by law.

Service Providers

• IT and cloud storage (Google Drive, secure servers)
• Payment processing (Stripe)
• Insurance underwriters or their retailers receive only anonymised aggregate data, however individual information may be necessary to process individual claims
• Customer Relationships Management platform (HubSpot)
• Forms (Fillout)

Partner Services

• We share basic contact information with entities embedded within the Red Union Group so they can offer members services and deals (specifically Red Academy and Red Tax)
• We require our partners to comply with Australian privacy standards or equivalent protections

Where Required by Law

• Regulators
• Law enforcement

DATA SECURITY

Overseas Data Transfers

Some of your data goes overseas because we use global platforms:

• Google Services (Drive, Analytics): USA, Singapore, Google's global network
• Facebook/Meta and TikTok: USA and global servers (hashed, de-identified data for promotional material)
• Stripe: USA and EU (payment processing)
• Fillout: USA (signups)

What We're Doing

We're moving to Australian-based servers where possible and utilise self-hosted secure servers within Australia for IT and automations systems wherever possible.

Your Protection

We take reasonable steps to ensure overseas recipients handle your information in accordance with the APPs. Where we cannot ensure APP-level protections, we seek your explicit consent after informing you that APP protections may not apply. 

How We Protect Your Information:

• SSL encryption on our website
• Two-factor authentication (2FA) for staff access
• Restricted access based on job requirements
• Secure cloud storage with reputable providers
• Confidentiality agreements for all contractors
• Enforcement of this privacy policy for staff and affiliated entities

If There's a Data Breach:

1. We contain and investigate immediately
2. We notify the OAIC within 72 hours (if required by law)
3. We notify you if you're affected
4. We fix the problem and prevent it happening again

Suspect a breach? Email hotline@redunion.com.au immediately.

HOW LONG WE KEEP DATA

Default Retention Periods:

The default period you can expect us to retain your records is as follows:

• Active members: Duration of membership + 7 years.
• Legal or industrial matters: Minimum 7 years after resolution.
• Financial records: 7 years.
• Marketing data: Until you opt out. After opt-out, we retain minimum contact details (email/phone) on a suppression list to ensure we don't re-add you to marketing lists. This suppression data is kept indefinitely for compliance purposes.
• Website analytics: 26 months.

Deleted memberships: If you cancel, we keep your data for at least 7 years for legal and insurance purposes.

Want us to delete your data? Contact our Privacy Officer. We'll delete everything unless we're legally required to keep it for ongoing legal matters, regulatory compliance, or defending claims.

If you cancel your membership, you can still request access to your personal information by contacting our Privacy Officer.

YOUR RIGHTS

Access Your Information

• Log into the member portal to view and update most details
• Request your information by emailing hotline@redunion.com.au
• We'll respond within 30 days relating to your request

Fees for Information Requests

We don't charge fees for basic access requests. For complex or extensive requests requiring more than 2 staff hours, we may charge a reasonable fee to cover our costs (e.g., $50-100 per hour for search and retrieval). We'll notify you of any fees before processing your request.

Fix Incorrect Information

• Update directly in the member portal, or
• Contact us to correct information
• We'll respond within 30 days

Refusal of Requests

We refuse access or correction requests where appropriate (e.g., where it would unreasonably impact another person's privacy or where disclosure would be unlawful).

If we refuse your correction or access request, we'll give you written reasons and information about how to complain. You can request we attach a statement to your record noting you dispute its accuracy.

Opt Out of Marketing

• Click "unsubscribe" in any promotional material
• Opting out will always be a simple process free of charge
• Email hotline@redunion.com.au to opt out of all marketing
• If opt out does not appear to work effectively, notify us and we’ll assess this error

Using Anonymity

Where practical, you can interact anonymously. But we will need to identify you or some of your information for:

• Membership applications and confirmation
• Legal representation
• Financial transactions
• Login to member-only services
• Situations where law requires identification

SPECIAL INFORMATION TYPES

Health Information

When we collect health data (relevant to workplace disputes or safety), we:

• Only collect what's directly relevant
• Get specific consent before sharing with legal representatives or experts
• 3^rd party health information is dealt with sensitively and removed and redacted wherever possible

Sensitive Information

We only collect sensitive information (health data, union membership status, racial/ethnic origin, political opinions) when:

• You've given explicit consent and it's necessary for our services
• Required by law
• Necessary for legal proceedings or dispute resolution

Government Identifier Usage

We don't adopt, use, or disclose government-related identifiers except where required or authorised by law.

Subscribers to Red Tax will have to provide Tax File Numbers to them, but Red Tax has a different privacy policy as a tax accountant.

Children's Information

We don't directly collect personal information from children under 18, and we don't offer membership or services directly to children.

However, we handle information about children (as third parties) when it's relating to our services (e.g. workplace allegations or disputes involving our teacher members, complaint involving a patient minor, dispute regarding carer's leave).

When handling children's information as third parties we only use it for the specific purpose of representing and supporting our member's professional and industrial interests. We redact or remove children's identifying information where possible and appropriate and we don't use or disclose or retain children's information beyond what's necessary for servicing the member's matter.

If you believe we've inappropriately collected information directly from a child without proper authorization, contact us immediately at hotline@redunion.com.au.

MAKING A COMPLAINT

If you think we've breached your privacy:

1. Contact us first: Email hotline@redunion.com.au with details
2. We investigate: We will review and respond within 30 days
3. Still not satisfied? Complain to the Office of the Australian Information Commissioner:
   • Website: oaic.gov.au
   • Phone: 1300 363 992
   • Email: enquiries@oaic.gov.au

POLICY UPDATES

We'll update this policy when:

• Our services or practices change
• Legal requirements change
• We implement new security measures

For major changes affecting how we use your information:

• We'll post the updated policy on our website
• We'll email current members or subscribers
• We'll give 30 days' notice before implementing changes

For minor updates:

• We'll post the revised policy with an updated date

CONTACT US

Privacy Officer: Nikolai Martinovic
Email: hotline@redunion.com.au
Phone: 1300 263 374
Address: 14-18, 17 Bowen Bridge Road, Bowen Hills QLD 4006

Office of the Australian Information Commissioner:
Website: oaic.gov.au | Phone: 1300 363 992 | Email: enquiries@oaic.gov.au