The Egyptian Orphan Fund Australia Website Security Policy

1. Purpose

The Egyptian Orphan Fund Australia (TEOFA) is committed to maintaining the security, confidentiality, and integrity of all personal and financial information collected through our website.

This policy outlines the measures we take to protect data shared by donors, sponsors, volunteers, and visitors when interacting with our online platforms.

2. Scope

This policy applies to:

• TEOFA’s official website: www.theegyptianorphanfund.org.au;
• All systems, plugins, databases, and payment gateways connected to the website; and
• Any staff, contractors, or authorised service providers involved in the management, maintenance, or security of the site.

3. Website Hosting and Maintenance

The TEOFA website is built on the WordPress platform and maintained by authorised service providers who carry out regular updates, monitoring, and security maintenance. To protect the integrity of our systems, WordPress core files, plugins, and themes are routinely updated to ensure they remain secure and up to date.

Access to the website’s administrative panel is restricted to authorised personnel only, with unique login credentials assigned to each authorised user.

All administrative accounts are protected by strong passwords, and where available, two-factor authentication (2FA) is implemented to provide an additional layer of protection against unauthorized access.

4. Data Security and Encryption

TEOFA takes all reasonable steps to safeguard the information shared through our website. We use Secure Sockets Layer (SSL) encryption to protect all data transmitted between users’ browsers and our servers, ensuring that personal and payment information entered on our site remains confidential and secure.

Any information submitted through online donation, contact, volunteer or other forms is encrypted while in transit. TEOFA does not store any payment card details on its servers, and all transactions are processed securely by trusted third-party payment providers that comply with PCI DSS (Payment Card Industry Data Security Standards). This is to guarantee the safe handling of sensitive payment information.

5. Information We Collect Online

Through our website, TEOFA may collect:

• Basic contact details (such as name, email address, phone number, or postal address) provided through donation, contact, volunteer, or other forms;
• Payment information entered via secure gateways (processed by authorised third-party providers);
• Non-personal analytics data (such as browser type, device, or time of visit).

All personal information is managed in accordance with our Privacy Policy.

6. Backups and Data Protection

Website data and configuration files are backed up regularly by authorised service providers and stored securely on encrypted servers. These backups are tested periodically to confirm their reliability and integrity. In the event of a system failure, data loss, or security breach, TEOFA will immediately initiate restoration procedures to minimise disruption and ensure the continuity of services.

All backup and restoration processes are carried out securely and in accordance with recognised data protection standards.

7. Malware Protection and Monitoring

TEOFA’s website is protected through reputable security tools and firewalls designed to detect and block unauthorised access, spam, and malicious activity.

Routine scans are conducted to identify potential vulnerabilities or malware infections, and any issues detected are promptly addressed by authorised service providers. The site’s performance and uptime are monitored continuously to ensure ongoing security, stability, and accessibility for users.

8. Incident Response and Breach Notification

In the unlikely event of a data breach or unauthorised access, TEOFA will act promptly to contain the incident, assess its impact, and protect any affected information. Should a breach involve personal information, TEOFA will comply with its obligations under the Notifiable Data Breaches Scheme by notifying affected individuals and, where required, the Office of the Australian Information Commissioner (OAIC). All security incidents are documented and reviewed to identify the cause, strengthen future protections, and prevent recurrence.

9. Roles and Responsibilities

Authorised service providers engaged by TEOFA are responsible for website hosting, maintenance, and technical security, in line with this policy and applicable Australian privacy and data protection standards. TEOFA’s management team oversees compliance with this policy, ensuring that access to the website’s administrative functions is limited to authorised personnel and that security reports and incidents are reviewed as necessary.

All staff and volunteers with administrative access are trained and comply with good cybersecurity practices, including the use of strong passwords, secure devices, and responsible management of login credentials.

10. Third-Party Services and Links

The TEOFA website may contain links to external websites, including social media pages, partner organisations, and fundraising platforms. These third-party sites are not operated or controlled by TEOFA and are subject to their own privacy and security policies. While care is taken to link only to reputable sources, TEOFA is not responsible for the security, privacy, or content practices of any external websites. Visitors are encouraged to review the privacy and security policies of any third-party sites they access through links on our website.

11. Contact Us

If you have any questions, concerns, or complaints regarding this policy, please contact:

The Egyptian Orphan Fund Australia (TEOFA)
Email:                 admin@theegyptianorphanfund.org.au
Mail:                    8/17 Sugar Gum Ct, Braeside VIC 3195
Website:           www.theegyptianorphanfund.org.au

We will respond promptly to all website security enquiries and aim to resolve them fairly, respectfully, and transparently.