- What information do we collect and why?
- How do we share your personal information?
- Who may act on a patient’s behalf?
- How secure is your personal information?
- Accessing and correcting your personal information
- Making a complaint
- Contacting Us
Sydney Children's Hospitals Foundation Limited (ACN 003 073 185) (the Foundation) values your privacy.
What information do we collect and why?
The Foundation collects personal information from employees, donors, supporters, volunteers, patients, and other contacts that is necessary for us to perform our functions.
Generally, we collect information directly from the relevant individual. Sometimes, we may need to collect information about an individual from third parties including parents, carers, guardians, or other third-party information sources. We will do this if the individual has consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from the individual.
The types of personal information we collect, and the purpose of collecting that information varies depending on the context. We have included an overview of the types of personal information we collect, and for what purposes, for a range of circumstances below.
When you donate, including via this website, in person, over the phone, by direct deposit, via email, by post, or through our fundraising personnel or volunteers as part of any of our fundraising events or activities or at our offices, we collect and store a range of information in our database. We use this information to process your donation, complete your tax receipt, and send you further information about the Foundation for promotional purposes. This information also allows us to develop a personalised experience for donors. The personal information we collect includes:
- contact details such as your name, phone number, address, email address,
- demographic information such as date of birth,
- payment and billing details (including credit card details if relevant), and
- other information relevant to your donation and ongoing relationship with The Foundation.
On some occasions, this information may include health or other sensitive information, which we will only collect with your consent. For example, we may ask you if you or your family members have been treated by a service within the Sydney Children's Hospitals Network previously, or we may collect details related to your health or other sensitive information so we can ensure we understand your needs as a donor.
In some instances, we may seek further contextual information to better understand and be sensitive to the circumstances and needs of large-scale donor relationships. This may include accessing news or media articles, or publicly available information on social media platforms.
Supporters and volunteers:
The Foundation may also collect supporters' and volunteers' names, phone numbers, addresses, email addresses, demographic information such as date of birth, and other contact information, records of communication between them and the Foundation and other personal information about our current and potential supporters and volunteers so that we can encourage, record, and acknowledge their support and communicate with them about the Foundation and our activities.
The Foundation may receive or request details about individual patients, such as their name, age and with the patient’s consent, their medical condition, medical treatment, and medical history. We may use this information for media purposes and will communicate directly with patients and their families for this purpose. All patient information received and collected by the Foundation will be treated in the strictest confidence and will not be made public or distributed to the media without prior consent from the patient.
We collect personal information about patients and their family members, donors, volunteers, and other supporters who wish to join or participate in our events and other programs we conduct. The types of personal information we collect includes contact details, donation history and, in some cases, other personal information such as photographs and videos. We use this information to organise, promote, and seek support for these events, and overall to support the fundraising activities of the Foundation. With consent and where relevant, we sometimes also collect health information or other sensitive information.
Applying for a position (as a volunteer or employee) with the Foundation:
If you apply for a position with the Foundation, we collect your personal information to assess your suitability for that position, and if successful, for ongoing employment purposes. The information we collect includes name, contact details, and information about your working history or other relevant details you may share with us. Depending on the position, we require candidates to undergo relevant employment-related checks (including criminal and working with children checks), which will require additional personal information to be collected by the Foundation as well as a third-party record check provider. With your consent, this information may include information or an opinion about your criminal record or other sensitive information.
The Foundation collects personal information about suppliers, including individuals who are employed by our suppliers (including service and content providers), contractors and agents for our general business operations.
When you contact us or visit our website:
If you contact us or make an enquiry (including when you call us by phone, message us on social media, or write to us), you may choose to provide us with your name or other contact details so that we can respond to your requests, or to provide our newsletter or other information about the Foundation's services or operations. Provision of your personal details is the most effective method for the Foundation to communicate with you, and to assist in the efficient delivery of services.
The Foundation's website may use website tracking pixels and cookies to collect statistics on visitor traffic and to understand how people use our websites. We do not collect personally identifying information, the patterns of usage of visitors to the website may be tracked for the purposes of providing improved service and content based on an aggregate or statistical review of user site traffic patterns.
The Foundation’s website may also use Google Analytics features which allow us to tailor our marketing to better suit your needs. If you prefer not to allow this, you may be able to adjust your browser to turn off the use of “cookies” or notify you when they are being used. However, if you disable cookies, you may not be able to access certain areas or take advantage of certain features of the Foundation’s website; for example, you may need to re-enter your personal information each time that you attempt to access information. You can also opt out of programs like Google Analytics if you wish, by using the following tool: https://tools.google.com/dlpage/gaoptout/.
Credit Card Data:
We collect credit card information to process donation payments. Any credit card transactions information processed via our database is not stored by the Foundation, but with a contracted cloud-based third-party storage provider. Credit card transaction data for recurring donations are stored tokenised in a secure payment gateway that is PCI-DSS compliant. Any manual forms returned to the Foundation with credit card details on them are masked and stored securely.
How do we share your personal information?
In some instances, we may provide personal information we hold to third parties. We use a range of suppliers, service providers, contractors, and partners to enable us to perform the activities and functions of the Foundation. They include information technology service providers, direct marketing agencies, banks, credit card companies and recruitment agencies.
Examples may include providing personal information to contractors and service providers located outside of Australia, including in the United States of America, Japan, China, Hong Kong, the United Kingdom and Canada. The privacy laws of these countries may not provide the same level of protection as the Australian Privacy Laws; however, we take all reasonable steps to ensure that overseas recipients of personal information handle the information in accordance with the Australian Privacy Principles in the Privacy Act. Also, we generally require contractors and service providers to sign our Supplier Privacy Agreements prior to commencing any work to ensure that they comply with our security guidelines and the Privacy Act.
We may also disclose the personal information of patients to their family members or guardian, for the purpose of discussing stories about their experience with the Sydney Children's Hospitals Network, which the patients, have agreed to share via our publications including our website, or for other fundraising activities. We may, with the permission of the patient, also send the patient stories to third parties to help promote their fundraising efforts for the Foundation. Any personal information disclosed via our website may include disclosure to recipients who access our website in countries outside Australia.
Who may act on a patient’s behalf?
- a guardian, parent, carer, or other person responsible for the care of the patient.
- someone with a general power of attorney or a power of attorney which includes health-related power.
- a person recognised under a law as responsible for any aspect of the care or welfare of the patient which is relevant to something the Foundation does or intends to do; and
- a person nominated in writing by the patient while the patient is capable of giving consent.
How secure is your personal information?
Your personal information is stored with a third-party storage provider. We regard the security of your personal information as a priority and implement several physical and electronic measures to protect it, including the use of passwords and firewalls. We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.
Accessing and correcting your personal information
Depending on the information you want to access, where it is stored and the time it will take us to respond to your request for access, we may charge you a fee for the administrative cost of providing the information to you. This charge will not be excessive. If for any reason we refuse to give you access to your personal information or do not give you access in the manner in which you have requested, we will provide you with a written notice giving you the reasons for our refusal (unless it would be unreasonable for us to do so).
Making a complaint
If you would like to access or correct your personal information held by us, or wish to make a complaint about the way we have collected, used, held, or disclosed your personal information, please contact our Privacy Officer:
Phone: 1800 770 122
Mail: Privacy Officer, Sydney Children's Hospitals Foundation, Locked Bag 9002, WESTMEAD NSW 2145
If you want to obtain additional information about your privacy rights and how you can enforce them, please contact the Office of the Australian Information Commissioner.