Privacy Policy
Our ongoing commitment to your privacy
Introduction
Sydney Children's Hospitals Foundation Limited (ACN 003 073 185) (“We”, “us” and “our”) values your privacy.
This Privacy Policy explains how and why we collect, use, hold, disclose, and protect your Personal Information.
By accessing or using our services or website or partnering, volunteering or being involved with us you consent to the practices described in this Privacy Policy. Please read this policy carefully to understand our privacy practices.
Where an individual lacks the capacity to provide consent then consent may be provided on behalf of the individual by:
- A guardian;
- Someone with enduring power of attorney;
- A person recognised by other relevant laws (for example in NSW a ‘responsible person’ under the Guardianship Act 1987 (NSW) can provide consent and this may be a spouse, partner, carer, family member or close friend); or
- 3scA person the individual nominated in writing when they were capable of giving consent.
We may update this Privacy Policy from time to time to reflect changes to our practices or legal requirements. Any updates will be posted on our website, and we may also notify you of any significant changes via email or other appropriate means.
What is Personal Information?
“Personal Information” is any information or an opinion about an identified individual, or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true and includes information or an opinion forming part of a database and may or may not be recorded in material form.
What Personal Information do we collect and hold?
We collect personal information from you and about you when you interact with our website, marketing campaigns, engage our services, partner with us or become involved with us and/or when you contact us (e.g., call us, send us an email, or interact with us via social media).
The personal information we collect may include, but is not limited to:
- Names;
- Contact information (e.g., email address, phone number);
- Date of birth;
- Postal address;
- Payment information (including credit card details);
- Employment history (when you apply for a position with us, including sensitive information such as a criminal history check and working with children checks outcomes);
- High level details about a health condition of a child;
- Information relevant to your donation and ongoing relationship with us; and
- Any other information you provide to us voluntarily.
We collect personal information through various means, including but not limited to the following:
- When you register an account with us;
- When you donate to us;
- When you engage our services;
- When you supply to us or engage in other business operations/services with us;
- For the purposes of distributing publications to you;
- When you participate in our events and activities;
- When you apply for a job or volunteer with us;
- We you contact us via our website, social media or subscribe to our newsletter;
- When you participate in surveys, contests or promotions;
- When you contact us on phone or email; and
- When you interact with our online advertising (e.g., Google, Bing, social media platforms).
We aim to collect personal information directly from the individual, but sometimes we collect personal information from employees, donors, supporters, volunteers, parents, carers, guardians and other third parties that is necessary for us to perform our functions. We will do this if the individual (or their legal guardian) has consented to us collecting their personal information in this way, or where it is not reasonable or practical for us to collect the personal information directly from the individual.
If you interact with us via social media, you agree that we may receive certain information from the platform (e.g., your public profile, communications with us, and engagement metrics) in accordance with your platform settings.
We generally collect sensitive information (such as details of a medical condition, criminal history check and/or working with children’s checks) and we will only collect sensitive information about you with your consent (or guardian) (unless we are otherwise required or authorised by or under law to do so) or we may collect sensitive information about you from a third party with your consent if you have regular contact with our organisation in relation to the activities and services we provide.
Cookies and Similar Technology
We may use cookies and similar technology on our website to enhance your user experience and to understand how our website is used. Cookies are small text files that are stored on your device when you visit our website. You can control the use of cookies through your browser settings.
We may also use analytics and measurement tools (for example, Google Analytics, and where applicable Meta Pixel, Microsoft Clarity, Hotjar, Mailchimp Analytics). These tools may collect information such as:
- the location from which you have come to the site and the pages you have visited; and
- technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language, and operating system.
Why do we collect and use your Personal Information?
We collect, hold, and use your personal information so that we can:
- provide and improve our services;
- manage our relationship with you;
- improve our marketing practices, including website and social media engagement;
- to communicate with you, respond to your enquires or complaints and provide customer support;
- process your donations;
- engage or partner with you on events;
- send you our publications;
- to comply with our legal obligations and resolve disputes;
- identify and tell you about other services and events that we think may be of interest to you; and
- to consider you for any current or future employment or volunteer opportunities.
If you do not provide us with your personal information, we may not be able to provide you with our services, partner with you on events, consider you for employment or volunteer opportunities, process your donations, send you our publications or communicate with you or respond to your enquiries.
Donor Profiling and Prospect Research
We may use personal information to better understand our supporters and to communicate with you in a relevant, meaningful, and responsible way. This may include conducting prospect research and donor profiling activities. We may collect and use personal information for the purpose of undertaking prospect research. Prospect research involves analysing information we hold, as well as information sourced from publicly available records or reputable third-party providers, to help us understand a donor’s interests, potential capacity to give, and likely engagement with our organisation (for example, but not limited to: Altrata, Dataro and Mosaic). We undertake prospect research to support our mission and ensure our fundraising efforts are efficient, respectful, and aligned with the interests and preferences of our supporters. This helps us communicate more effectively and steward our donor relationships responsibly.
Prospect research may include reviewing:
- donation history and patterns of support;
- information published in public sources (such as news articles, corporate publications, or professional profiles);
- demographic or philanthropic indicators; and
- your interactions and engagement with our organisation
We only collect information that is reasonably necessary for our functions and activities, and we do so using lawful and fair means. If you do not wish for your personal information to be used for prospect research or donor profiling, you may opt out at any time by contacting us using the details provided in this Privacy Policy.
Security of Personal Information
We take reasonable steps to protect your personal information from unauthorised access, interference, disclosure, or destruction. We use a combination of physical, electronic, and administrative safeguards, including encryption, password protection, secure databases, and restricted access to protect your information and follow industry best practices to safeguard its confidentiality and integrity.
All financial transactions are processed securely through authorised systems and trusted third-party providers. Credit card details are stored safely, CVVs are never recorded or retained, and only authorised staff have permission to process payments through our secure platforms.
We store most personal information in computer systems and databases (including those managed by secure cloud service providers), while any paper records are held securely. When your information is no longer required, we take reasonable steps to destroy or de-identify it, unless we are legally required to retain it.
Although we take all reasonable precautions to safeguard your data, no system can guarantee absolute security. In the unlikely event of a security breach, we will act swiftly to investigate, minimise any impact, and maintain transparency with affected individuals.
Third-party assurance
Suppliers, contractors, and service providers handling personal information are vetted by our Data Steering Committee and must adhere to our security requirements and sign a Supplier Privacy Agreement, ensuring compliance with the Privacy Act and our standards.
Who do we disclose your Personal Information to, and why?
We may disclose personal information to:
- related organisations (where applicable);
- external service providers who perform services for or on our behalf (e.g., payment gateways and banks for donations, CRM and marketing services, IT hosting/support, mail-houses, recruitment agencies);
- professional advisers (e.g., legal, audit, accounting), where necessary and appropriate; and
- other parties where required or authorised by law, where you have expressly consented, or where disclosure is reasonably necessary for our functions and activities (including to data processors we use to operate our business and provide services).
If the control of all or part of our organisation changes, we may transfer your personal information to the new controlling organisation.
American Express payments
If you use an American Express card, your personal information and transaction data may be provided to American Express Australia Ltd (ABN 92 108 952 085) and its affiliates, agents, subcontractors, and employees, who will handle it in accordance with their own privacy policy.
Disclose to overseas recipients
We may disclose or allow access to personal information to recipients located outside Australia, including in: New Zealand, United States, Japan, China, Hong Kong, the United Kingdom, and Canada. Such disclosures may occur where:
- cloud hosting, data storage, support, or processing services are provided from these locations; or
- specific vendors or group service partners operate in these jurisdictions.
Where we disclose personal information overseas, we take reasonable steps to ensure the recipient protects the information in a manner consistent with Australian privacy requirements (for example, through contractual safeguards, technical controls, and due diligence). Some overseas recipients may be subject to foreign laws that require disclosure to government authorities.
Direct Marketing
We may use your personal information so we can contact you with information about our events, services, promotions or causes that may be of interest to you.
We may contact you by email, mail, social media, SMS or telephone call. You can let us know at any time if you no longer wish to receive these communications, by contacting us (using the contact details at the end of this policy) or using the opt-out/unsubscribe facility in our communications.
Access and correction of your Personal Information
You may request access to or correction of personal information that we hold about you by contacting us directly. Our contact details are set out below. Please understand there are some circumstances in which we are not required to give you access to your personal information, but we will advise you if these circumstances apply to your request.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up-to-date and correct.
Making a complaint
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may make a complaint to the Office of the Australian Information Commissioner. (OAIC) (www.oaic.gov.au).
Data Breach Response
In the event of a data breach involving personal information, we have procedures in place to promptly assess and mitigate the breach, notify affected individuals where required by law, and take steps to prevent similar incidents in the future.
