Food Ladder
Contact us

Privacy Policy

Last updated: 18 June 2026

1. About this Policy

This Privacy Policy explains how Food Ladder (ABN 89 132 323 347) ("we", "us", "our") collects, uses, discloses, and protects personal information through our websites at foodladder.org (including all subdomains) and foodladdertech.org (collectively, the "Sites").

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where our Sites are accessed by users in the European Economic Area (EEA) or the United Kingdom, we also respect the principles of the General Data Protection Regulation (GDPR). For users in California, we respect the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Information you provide to us

We collect personal information that you voluntarily provide when you:

  • Submit an enquiry, application, or volunteer form (name, email, phone number, school, organisation, role);
  • Subscribe to our mailing list (name and email address);
  • Make a donation (name, email—payment details are processed by our third-party provider Raisely and are not stored by us);
  • Contact us by email or post.

2.2 Information collected automatically

When you visit our Sites, we automatically collect certain information through cookies and similar technologies, including:

  • Device and browser information: IP address, browser type and version, operating system, device type;
  • Usage data: Pages visited, time spent on pages, referring URLs, click patterns;
  • Location data: Approximate geographic location derived from your IP address.

This data is collected via Google Analytics 4 (GA4) and is used in aggregate to improve our Sites and understand how visitors interact with our content.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To respond to your enquiries and requests;
  • To process donations and issue tax-deductible receipts;
  • To send you newsletters and updates (where you have opted in);
  • To administer our school partnership program;
  • To improve our Sites, services, and educational content;
  • To comply with legal obligations;
  • To protect our rights and prevent misuse of our Sites.

4. Cookies and Tracking Technologies

4.1 What are cookies?

Cookies are small text files placed on your device when you visit a website. They help us understand how you use our Sites and improve your experience.

4.2 Cookies we use

CookieProviderPurposeDuration
_gaGoogle AnalyticsDistinguishes unique users2 years
_ga_*Google AnalyticsMaintains session state2 years

4.3 Managing cookies

When you first visit our Sites, a cookie consent banner will allow you to accept or decline non-essential cookies. You can change your preferences at any time through your browser settings. Note that disabling cookies may affect your experience on our Sites.

4.4 Global Privacy Control (GPC) & Do Not Track

We honour the Global Privacy Control (GPC) signal and the Do Not Track (DNT) browser setting. If your browser sends either signal, we automatically treat this as a decline of non-essential cookies—analytics cookies will not be stored and the consent banner will not appear.

5. Legal Basis for Processing (EEA/UK Users)

Where the GDPR applies, we process your personal data on the following legal bases:

  • Consent: For marketing communications and non-essential cookies;
  • Legitimate interest: For analytics and website improvement;
  • Contractual necessity: For processing donations and service enquiries;
  • Legal obligation: For tax and regulatory compliance.

6. Sharing Your Information

We do not sell, rent, or trade your personal information. We may share your information with:

  • Service providers: Including Google (analytics), Raisely (donations), and our email marketing platform—only to the extent necessary to provide their services;
  • Legal authorities: Where required by law, regulation, or legal process;
  • Professional advisors: Accountants and legal counsel, bound by confidentiality obligations.

7. International Data Transfers

Some of our service providers (such as Google) may process data outside Australia. Where personal information is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or the recipient being in a jurisdiction with adequate privacy protections.

8. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Enquiry and form data: 3 years from last interaction;
  • Mailing list data: Until you unsubscribe;
  • Donation records: 7 years (as required by Australian tax law);
  • Analytics data: 14 months (Google Analytics default retention).

9. Your Rights

9.1 All users

Under the Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate or outdated information;
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached.

9.2 EEA/UK users (GDPR)

If you are located in the EEA or UK, you additionally have the right to:

  • Request erasure of your personal data ("right to be forgotten");
  • Restrict or object to processing;
  • Data portability;
  • Withdraw consent at any time (without affecting the lawfulness of prior processing);
  • Lodge a complaint with your local data protection authority.

9.3 California users (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used;
  • Request deletion of your personal information;
  • Opt out of the sale of personal information (we do not sell personal information);
  • Non-discrimination for exercising your rights.

10. Security

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our Sites use HTTPS encryption and we limit access to personal information to authorised personnel only.

11. Children's Privacy

Our Sites are not directed at children under 16. We do not knowingly collect personal information from children under 16 without parental consent. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.