Protecting your privacy
The Fred Hollows Foundation (ABN 46 070 556 642), and its related entities (‘we’, ‘us’, ‘our’ and ‘Foundation’) are totally committed to protecting your personal information.
The Fred Hollows Foundation (‘The Foundation’) is committed to promoting and adhering to the highest standards of protection and accountability in its governance and operations to ensure the protection and privacy of personal information and personal data, both within the organisation and under its projects and programs.
The Foundation has governance and management systems and processes directed towards reinforcing its commitment under this policy. The measures put in place by The Foundation in this area are complemented by the initiatives it is undertaking to continually improve its operational effectiveness and further strengthen its governance, internal control, security, information protection and risk management practices.
This policy outlines how The Foundation will comply with our global standard, based in Australian law. The Privacy Act 1988 (Cth) (‘Privacy Act’) is an Australian law which regulates the handling of personal information about individuals. Similar protections exist under other laws applicable within the jurisdictions in which The Foundation operates such as the General Data Protection Regulation in the European Union.
The Privacy Act includes thirteen Australian Privacy Principles (‘APPs’). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including ‘sensitive information’).
We make sure we comply with all our obligations and responsibilities under all relevant privacy laws in all jurisdictions and entities, whenever we handle sensitive information.
‘Personal information’, is any information or opinion that can identify or be used to identify an individual. The Foundation may collect and hold personal information from our donors, supporters, volunteers, contractors, visitors to our field programs, and other individuals.
When an individual visits or uses a website of The Foundation, personal information may be collected automatically through cookies including: IP address and/or domain name; operating system (type of browser and platform); and the date, time and length of the visit to the website. This information primarily is used for the compilation of statistical information about the use of the website. Cookies may also be used to assist The Foundation and our third party service providers present targeted and customised advertising to an individual on our website and/or on third party websites.
The Foundation uses Google Analytics to track visits to our website. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it.
Google Analytics collects information anonymously. It reports website trends without identifying individual visitors.
Links to other websites
This policy outlines how The Foundation will comply with our global standard, based in Australian law and details the alignment of its governance and operations to ensure the protection and privacy of personal information and personal data, both within the organisation and under its projects and programs. This policy applies to all staff of The Foundation and other individuals or partners implementing The Foundation’s activities and operations or representing The Foundation in any capacity.
4. PRINCIPLES AND ACTIONS
4.1 Collection of personal information
Most of the time, and where reasonable and practicable, personal information will be collected directly from individuals, particularly where that personal information may include sensitive information.
From time to time personal information may be obtained from third parties, such as third party health provider partners. In these circumstances, The Foundation will take reasonable and practicable steps at or before the time of collection (or as soon as practicable after collection) to notify the individual, or otherwise to ensure they are aware, that personal information has been collected and the circumstances of the collection, in accordance with all relevant privacy law in Australia.
4.2 Use of personal information
The purposes and uses of collected personal information may include:
- processing donations;
- communicating with our supporters;
- recruiting and managing staff, contractors or volunteers;
- conducting marketing activities; and
- enabling other activities and functions of the Foundation.
The Foundation may use personal information to send direct marketing messages or telemarketing communications. If at any time you do not want to receive further direct marketing messages or communications from The Foundation, please contact The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected]
or 1800 352 352. Please allow at least 7 days to process your request.
4.3 Retention of personal information
Subject to retention requirements for health information outlined below, The Foundation will only keep personal information for as long as it is needed for any purpose for which it was collected, or otherwise if it is part of a Commonwealth record or is required to be retained under Australian law or by a court or tribunal.
In accordance with the State-based health information protection laws, there is a requirement in certain circumstances to retain health information for 7 years after the last occasion on which a health service was provided to an individual, except where the information was collected while the individual was under 18 (in which case, the records will be kept until the individual has reached 25 years of age).
Where possible, all personal information which is no longer needed or required by law to be retained will be properly de-identified or destroyed.
4.4 Disclosure of personal information
Personal Information will be used and disclosed for the purposes described in ‘Use of personal information’ above. Although The Foundation generally does not disclose personal information to other organisations, this may be done upon the receipt of consent, or if it is required or authorised by law (including in emergency situations or to assist law enforcement), or if it is believed it is reasonably necessary to conduct the functions and activities of The Foundation.
The Foundation use a range of suppliers, service providers, contractors and partners to whom your personal information may be disclosed to enable the activities and functions of The Foundation. They may include information technology service providers, direct marketing agencies, banks, credit card companies, recruitment agencies, professional advisers and insurers.
4.5 Disclosure of personal information outside Australia
We are an international organisation with information sharing between our global offices and our health provider partners. This means that it is possible your personal information and sensitive information may be shared with our offices and our health provider partners based outside Australia in regions such as the European Union, North America, Asia and Africa.
4.6 Security of personal information
The Foundation’s electronic databases are secured by a firewall and anti-virus software to ensure, so far as practicable, that it is not accessed by unauthorised parties. This website has security measures (minimum 128-bit secure sockets layer encryption) designed to protect against the loss, misuse and/or alteration to personal information under The Foundation’s control. Secure pages on The Foundation websites are protected by a 128-bit SSL certificate.
However, because of the nature of the internet, security of personal information cannot be guaranteed. All unencrypted information exchanged via the internet may be accessed and used by people other than those for whom it is intended.
4.7. Access or corrections to your personal information
All reasonable steps are taken to ensure that personal information collected, held, used, disclosed, stored and handled is complete, accurate, relevant and up-to-date.
Access to, corrections or removal of personal information, may be requested by contacting the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected]
or 1800 352 352. Verification of your identity will be sought before disclosing any personal information.
Requests will be responded to within a reasonable period of time unless it is unreasonable or impracticable to do so. Please allow at least 7 days for processing of a request. All reasonable steps to comply with a request will be made, unless there is a need to keep information for legal, auditing or internal risk management reasons.
Individuals may request to deal with The Foundation anonymously or through a pseudonym. The Foundation will accommodate your request if it is lawful, possible and practical to do so.
4.9. Online donations
Donations made online via The Foundation’s websites are processed in real time using a secure payment gateway. Donations are processed in Australia (and for all other countries) in Australian Dollars. If there are any questions or concerns about making an online donation to The Foundation, please contact the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected]
or 1800 352 352.
4.10. Job applicants
When The Foundation receive an application for employment personal information that was included in the application may be collected, such as your contact details, career history, education details, eligibility to work in Australia, written references and other career-related information. This may also include sensitive information, such as medical information or criminal history.
Personal information may also be obtained from third parties:
- personal information through a recruitment service provider;
- prior employment history from previous employers or nominated referees;
- criminal record history, by way of a criminal history check;
- eligibility to work in Australia, by way of a visa status check; and
- educational qualifications, by way of requesting confirmation of qualifications or results from an academic institution.
If personal information is obtained from third parties, reasonable and practicable steps will be taken, at or before the time of collection (or as soon as practicable after collection) to notify an individual, or otherwise to ensure awareness of the collection of personal information.
Personal information may be collected during the recruitment process for the purpose of assessing and progressing an application, inviting applicants to apply for future positions of interest at The Foundation and conducting statistical reporting and analysis in relation to the recruitment processes. Your personal information for future job opportunities may be held, unless specifically requested to be deleted.
4.11. Privacy data breach obligations
Please contact The Foundation if you become aware of any breach of security. If reasonable grounds establish there has been a personal information security breach, we will comply with all our obligations and responsibilities under all relevant privacy laws in Australia, including any obligation to notify you of any security breach and take effective remedial action to protect your personal information.
4.12. Privacy obligations
Where personal information is obtained from individuals for the purpose of The Foundation complying with Australian law relating to counter-terrorism, it should be collected, used, disclosed and stored in a manner which is consistent with The Foundation’s obligations under that applicable Privacy Act and related legislation.
4.13. Making a complaint
A designated Privacy Officer is responsible for investigating any complaints or concerns any person may have about protection of their privacy. Any ongoing concerns or problems identified concerning our privacy practices will be taken very seriously and work will be undertaken to address these concerns. There are no fees for lodging a complaint.
To make a complaint, please contact the Privacy Officer at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected]
or +61 2 8741 1900 and ask for the Privacy Officer.
Please provide as much detail about the facts surrounding the complaint to allow satisfactory resolution and allow at least 7 days to respond to the complaint.
If The Foundation fail to resolve your complaint, the matter may be referred to the Australian Information (Privacy) Commissioner (please see www.oaic.gov.au
5. Policy Monitoring & Review Cycle
The Chief Operating Officer is the role responsible for assessing compliance of this policy annually (or more frequently if deemed necessary) and of proposing any necessary changes to the CEO.