Sydney Children's Hospitals Foundation Limited (ACN 003 073 185) (the Foundation) values your privacy.
What personal information do we collect and why?
The Foundation collects personal information from donors, supporters, volunteers, patients and other contacts that is necessary for it to perform its functions. The types of personal information the Foundation collects, and the purposes of collecting that information, include:
- Donors: When you make a donation, including via this website, in person, over the phone, by direct deposit, via email, by post, or through our fundraising personnel or volunteers as part of any of our fundraising events or activities or at our offices, the Foundation collects and stores in our database your name, phone number, address, email address, date of birth, payment and billing details (including credit card details if relevant), and other contact information. With your consent, this information may include health or other sensitive information, for example we may ask you if you or your family members have been treated at the Sydney Children's Hospital previously. We will use this information to process your donation, complete your tax receipt, send you further information about the Foundation for promotional purposes.
- Supporters and volunteers: The Foundation may also collect its supporters' and volunteers' names, phone numbers, addresses, email addresses, and other contact information, records of communication between them and the Foundation and other personal information about our current and potential supporters and volunteers so that we can encourage, record and acknowledge their support and communicate with them about the Foundation and our activities.
- Patients: The Foundation may receive or request details about individual patients, such as their name, age and with the patient’s consent, their medical condition, medical treatment, and medical history, for media purposes, and may communicate directly with patients and their families for this purpose. All patient information received and collected by the Foundation will be treated in the strictest confidence, and will not be made public or distributed to the media without prior patient consent.
- Conducting events: We collect contact details, donation history and other personal information, including photographs and videos, about patients and their family members, donors, volunteers and other supporters who wish to join or participate in our events, programmes we conduct and our publications. This information is used to administer these events, promote and seek support for such events, share individuals' stories with the community and for the activities of the Foundation. With the consent of the relevant person, this information may include health or other sensitive information.
- Assisting with your queries: You may choose to provide us with your name or other contact details when you call us by phone or write to us so that we can respond to your requests, for our newsletter or for other information about the Foundation's services or operations.
- Conducting our general business activities: The Foundation collects personal information about individuals who are, or are employed by, our suppliers (including service and content providers), contractors and agents for our general business operations.
- Applying for a position (as a volunteer or employee) with the Foundation: We may collect your personal information, including name and contact details, information about your working history and relevant records checks (including criminal and working with children checks) when you apply for a position with us, in order for us to assess your suitability for that or other positions. With your consent, this information may include information or an opinion about your criminal record or other sensitive information.
- Credit Card Data: Any credit card transactions information processed via our database is not stored by the Foundation, but rather with a contracted cloud based third party storage provider. Credit card transaction data for recurring donations is stored tokenised in a secure payment gateway that is PCI compliant. Any manual forms returned to the Foundation with credit card details on them are masked and stored securely.
Generally, we collect information directly from the relevant individual. Sometimes, we may need to collect information about an individual from third parties including parents, carers, guardians or other third party information sources. We will do this if the individual has consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from the individual.
Provision of your personal details is the most effective method for the Foundation to communicate with you, and to assist in the efficient delivery of services. While we previously collected personal information from other charities to communicate with their donors and to assist us to raise awareness regarding our fundraising activities, we no longer do so.
How do we use and disclose personal information?
We use and disclose personal information we collect to:
- process donations and communicate with our donors and supporters, including sending them information (which may be by phone, post, email or other electronic means directly from us or a third party mailing house);
- communicate with donors and supporters, patients and their family members, employees and volunteers (including responding to queries and complaints) and to distribute our publications, conduct fundraising events, appeal for further donations and support and raise awareness about our fundraising activities and our mission; and
- conduct our general business activities, including interacting with contractors and service providers, billing and administration including measuring and assessing the level of support we receive and the effectiveness of our fundraising activities and assessing applicants for positions with us.
The disclosures referred to above may include disclosure to our third parties such as our contractors, service providers, partners, employees and volunteers only to the extent necessary for them to perform their duties to us. We use a range of suppliers, service providers, contractors and partners to enable us to perform the activities and functions of the Foundation. They include information technology service providers, direct marketing agencies, banks, credit card companies and recruitment agencies.
Such disclosure may include disclosure to contractors and services providers located outside of Australia, including in the United States of America, Japan, China, Hong Kong, the United Kingdom and Canada. The privacy laws of these countries may not provide the same level of protection as the Australian Privacy Laws.
We take all reasonable steps to ensure that overseas recipients of personal information handle the information in accordance with the Privacy Act and the Australian Privacy Principles contained therein. Further to this, we generally require contractors and service providers to sign our Supplier Privacy Agreements prior to commencing any work to ensure that they comply with our security guidelines and the Australian Privacy Laws.
We may also disclose the personal information of patients to their family members or guardian, for the purpose of discussing stories about their experience with the Sydney Children's Hospital which the patients have agreed to share via our publications or for other fundraising activities. We may, with your permission, also send the patient stories to third parties to help promote their fundraising efforts for the Foundation and refer to patient stories in our publications, including on our website. Any personal information disclosed via our website may include disclosure to recipients who access our website in countries outside Australia.
Who may act on a patient’s behalf?
- a guardian, parent, carer or other person responsible for the care of the patient;
- someone with a general power of attorney or a power of attorney which includes health-related power;
- a person recognised under a law as responsible for any aspect of the care or welfare of the patient which is relevant to something the Foundation does or intends to do; and
- a person nominated in writing by the patient while the patient is capable of giving consent.
How secure is your personal information?
Your personal information is stored with a third party storage provider. We regard the security of your personal information as a priority and implement a number of physical and electronic measures to protect it, including the use of passwords and firewalls. We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.
The Foundation’s website may also use Google Analytics features which allow us to tailor our marketing to better suit your needs.
If you prefer not to allow this, you may be able to adjust your browser to turn off the use of “cookies” or notify you when they are being used. However, if you disable cookies, you may not be able to access certain areas or take advantage of certain features of the Foundation’s website. If you choose to not have your browser accept cookies from the Foundation’s website, you will need to re-enter your personal information each time that you attempt to access information. You can also opt out of programs like Google Analytics if you wish: https://tools.google.com/dlpage/gaoptout/.
Accessing and correcting your personal information
Depending on the information you want to access, where it is stored and the time it will take us to respond to your request for access, we may charge you a fee for the administrative cost of providing the information to you. This charge will not be excessive. If for any reason we refuse to give you access to your personal information, or do not give you access in the manner in which you have requested, we will provide you with a written notice giving you the reasons for our refusal (unless it would be unreasonable for us to do so).
Making a complaint
Making contact with us
If you would like to access your personal information held by us or wish to make a complaint about the way we have collected, used, held or disclosed your personal information, please contact our Privacy Officer:
Phone: (02) 9382 1188
Mail: Privacy Officer, Sydney Children's Hospitals Foundation, Locked Bag 2005, Randwick NSW 2031
Fax: (02) 9382 0850
If you want to obtain additional information about your privacy rights and how you can enforce them, please contact the Office of the Australian Information Commissioner.