Find a Course

Grief First Aid Privacy Policy

Last updated: 25 February 2026

1. Introduction and Purpose

Grief First Aid™ (GFA) is committed to protecting the privacy of individuals whose personal information we collect in the course of delivering training, resources, events, consultancy, and community initiatives.

We comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and applicable State/Territory health records legislation when handling health information.

The purpose of this policy is to explain how we collect, store, use, and disclose personal information, and to outline your rights.

2. What is Personal Information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Sensitive information (including health information) requires a higher level of protection.

GFA is a non-clinical education provider. We do not provide medical, diagnostic, or therapeutic services and we do not require health information for participation.

Any health information you choose to share with us is treated as sensitive information.

3. Personal Information We Collect, Hold, Use and Disclose

3.1 Types of Information We Collect

  • Identification and contact details: name, email, phone, organisation, role, postal address.
  • Training and event information: registrations, attendance, assessment completion, certificates issued.
  • Communications: emails, chat messages, Q&A submissions, support requests.
  • Marketing preferences: newsletter subscription status and engagement.
  • Payment information: billing details and invoices. Card payments are generally processed by third-party payment gateways.
  • Web/IT data: IP address, browser metadata, pages viewed, cookies and analytics.
  • Health/sensitive information (optional): only where you voluntarily disclose it.

3.2 How We Collect Information

  • Directly from you (forms, email, phone, registrations).
  • Automatically via website analytics and learning systems.
  • From your employer/organisation for group registrations.
  • From publicly available sources (e.g., LinkedIn) where permitted.

3.3 Why We Collect and Use Information

We collect and use personal information to:

  • Deliver training, events, and resources.
  • Administer bookings and certificates.
  • Provide learner support and reasonable adjustments.
  • Improve programs through evaluation and analytics.
  • Meet legal, audit, insurance, and compliance obligations.

We use personal information for the primary purpose for which it was collected or a related secondary purpose you would reasonably expect.

Sensitive information will only be used with your explicit consent, unless required or authorised by law.

3.4 Disclosure of Information

We may disclose personal information to:

  • Your employer/organisation (where appropriate for service delivery).
  • Third-party service providers under privacy and security contracts.
  • Professional advisers under confidentiality obligations.
  • Regulators or law enforcement where legally required.
  • Other parties with your consent.

3.5 Overseas Disclosure

Our core servers are hosted in Australia where practicable.

Some third-party platforms may host data overseas. Where this occurs, we take reasonable steps to assess risk and implement safeguards.

Social media note: If you engage with us on third-party platforms, your information may be stored overseas under that platform’s privacy policy.

4. Security and Storage of Personal Information

We take reasonable steps to protect personal information from misuse, loss, or unauthorised access.

  • Role-based access controls
  • Multi-factor authentication (MFA)
  • Encrypted transmission (TLS)
  • Confidentiality obligations for staff and contractors
  • Secure disposal and de-identification practices

While no system is 100% secure, we actively assess and improve controls.

5. Retention and Destruction

We retain personal information only as long as necessary to fulfil its purpose or meet legal, accounting, or insurance obligations.

When no longer required, we will securely destroy, delete, or de-identify the information.

6. Access and Correction

You may request access to personal information we hold about you.

You may request correction of inaccurate, incomplete, or outdated information.

We aim to respond within 14–28 days. There is no charge for correction requests.

7. Interacting with Us Anonymously

Where feasible, you may interact with us anonymously or using a pseudonym. However, some services require identifying information.

8. Complaints

If you have concerns about how your personal information has been handled, please contact our Privacy Officer. We aim to respond within 28 days.

If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

9. Notifiable Data Breaches

If an eligible data breach occurs, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme.

10. Dignity and Confidentiality

  • Physical privacy
  • Psychological privacy
  • Social privacy
  • Confidentiality on a need-to-know basis

Participants are never required to disclose personal stories to participate or succeed.

11. Contact Us – Privacy Officer

Grief First Aid™ (GFA)
Email: admin@grieffirstaid.au
Website: https://grieffirstaid.au

Please write “Privacy Enquiry” in the subject line.

12. Updates to this Policy

We may amend this policy from time to time. The latest version will always be published on our website.