Protecting your privacy
The Fred Hollows Foundation (ABN 46 070 556 642), and its related entities (‘we’, ‘us’, ‘our’ and ‘Foundation’) are totally committed to protecting your personal information.
The Fred Hollows Foundation (The Foundation) is committed to promoting and adhering to the highest standards of protection and accountability in its governance and operations to ensure the protection and privacy of Personal Information and personal data, both within the organisation and under its projects and programs.
The Foundation has governance and management systems and processes directed towards reinforcing its commitment under this policy. The measures put in place by The Foundation in this area are complemented by the initiatives it is undertaking to continually improve its operational effectiveness and further strengthen its governance, internal control, security, information protection and risk management practices.
This policy outlines how The Foundation will comply with our global standard, based in Australian law. The Privacy Act 1988 (Cth) (Privacy Act) is an Australian law which regulates the handling of Personal Information about individuals. Similar protections exist under other laws applicable within the jurisdictions in which The Foundation operates such as the General Data Protection Regulation in the European Union.
The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of Personal Information (including Sensitive Information).
We make sure we comply with all our obligations and responsibilities under all relevant privacy laws in all jurisdictions and entities, whenever we handle Personal Information.
Personal Information - is any information or opinion that can identify or be used to identify an individual or is Sensitive Information that has been de-identified. The Foundation collects Personal Information about you where it is reasonably necessary for us to perform one or more of our functions or activities.
4. Commitments under this policy
4.1 Collection of Personal Information
Most of the time, and where reasonable and practicable to do so, Personal Information will be collected directly from individuals, particularly where that Personal Information may include Sensitive Information.
From time to time Personal Information may be obtained by us from third parties, such as third party health provider partners, our donors, supporters, volunteers, contractors, visitors to our field programs, and other individuals for various business and other purposes further listed in section 4.2. In these circumstances, The Foundation will take reasonable and practicable steps at or before the time of collection (or as soon as practicable after collection) to notify the individual, or otherwise to ensure they are aware, that Personal Information has been collected and the circumstances of the collection, in accordance with all relevant privacy law in Australia.
The types of Personal Information The Foundation will collect from you will depend on the circumstances in which that information is collected. It may include:
(a) contact details (i.e. your name, address, email, phone and facsimile details);
(b) information about your employment (e.g. place of work, position, authority to transact with us, etc.);
(c) information required as part of a recruitment process;
(d) statistical information regarding the use of The Foundation's website/s;
(e) health or other Sensitive Information, such as information about an individual’s eye health; and
(f) financial information including bank account or credit card details needed to process donations or make payments to suppliers and partners.
If you do not provide us with the information we request, we may not be able to fulfil the applicable purpose of collection, such as to receive your donation.
4.2 Use of Personal Information
The purposes and uses of collected Personal Information may include:
communicating with supporters, donors and partner organisations;
recruiting and managing staff, contractors or volunteers;
conducting marketing activities;
monitoring and evaluating our programs;
conducting research and evaluation;
promoting eye health and related products and services;
conducting or supporting eye health screening or intervention activities; and
enabling other activities and functions of The Foundation.
The Foundation may use your Personal Information for the purposes of direct marketing, for example in relation to products and/or services The Foundation may offer from time to time, or telemarketing communications where we have your consent or we are otherwise permitted by law to do so. If at any time you do not want to receive further direct marketing messages or communications from The Foundation, please contact The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or 1800 352 352. Please allow at least 7 days to process your request.
4.3 Retention of Personal Information
Subject to retention requirements for health information outlined below, The Foundation will only keep Personal Information for as long as it is needed for any purpose for which it was collected, or otherwise if it is part of a Commonwealth record or is required to be retained under Australian law or by a court or tribunal.
In accordance with the State-based health information protection laws, there is a requirement in certain circumstances to retain health information for 7 years after the last occasion on which a health service was provided to an individual, except where the information was collected while the individual was under 18 (in which case, the records will be kept until the individual has reached 25 years of age).
Personal Information collected for research and evaluation activities will be retained according to the periods specified in the project proposal and relevant law. In general, the minimum retention period is five years post-publication.
Where possible, all Personal Information which is no longer needed or required by law to be retained will be properly de-identified or destroyed.
4.4 Disclosure of Personal Information
Personal Information will be used and disclosed for the purposes described in the Use of Personal Information section above. Although The Foundation generally does not disclose Personal Information to other organisations, this may be done upon the receipt of your consent, or if it is required or authorised by law (including in emergency situations or to assist law enforcement), or if it is believed it is reasonably necessary to conduct the functions and activities of The Foundation.
The Foundation uses a range of suppliers, service providers, contractors and partners to whom your Personal Information may be disclosed to enable the activities and functions of The Foundation. They may include information technology service providers, health provider partners, suppliers of healthcare products and services, direct marketing service providers, banks, credit card companies, recruitment agencies, professional advisers and insurers.
4.5 Disclosure of Personal Information outside Australia
We are an international organisation with information sharing between our global offices and our health provider partners. This means that it is possible your Personal Information, including health and other Sensitive Information, may be shared with our offices and our health provider partners based outside Australia. You can find a list of the countries in which we work on our website: https://www.hollows.org/au/where-we-work. The Foundation also has offices in the United Kingdom, United States, Hong Kong and United Arab Emirates for the purposes of fundraising and advocacy and a social enterprise based in Singapore.
4.6 Security of Personal Information
The Foundation uses best practice security standards to protect unauthorised access to, loss or misuse of and/or alteration to Personal Information under The Foundation’s control. This includes the use of firewalls, anti-virus software, Transport Layer Security (TLS – the modern equivalent of the old SSL) encryption (minimum 256-bit) on data transfers, and the latest certificates to protect all websites.
However, because of the nature of the internet, security of Personal Information cannot be guaranteed. All unencrypted information exchanged via the internet may be accessed and used by people other than those for whom it is intended.
4.7. Access or corrections to your Personal Information
All reasonable steps are taken to ensure that Personal Information collected, held, used, disclosed, stored and handled is complete, accurate, relevant and up-to-date.
Access to, corrections or removal of Personal Information, may be requested by contacting the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or 1800 352 352. Verification of your identity will be sought before disclosing any Personal Information.
Requests will be responded to within a reasonable period of time unless it is unreasonable or impracticable to do so. Please allow at least 7 days for processing of a request. All reasonable steps to comply with a request
will be made, unless there is a need to keep information for legal, auditing or internal risk management reasons.
Individuals may request to deal with The Foundation anonymously or through a pseudonym. The Foundation will accommodate your request if it is lawful, possible and practical to do so.
4.9. Online donations
Donations made online via The Foundation’s websites are processed in real time using a secure payment gateway. Donations are processed in Australia (excluding US & Hong Kong) in Australian Dollars. If there are any questions or concerns about making an online donation to The Foundation, please contact the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or 1800 352 352.
When an individual visits or uses a website of The Foundation, Personal Information and user data may be collected automatically through cookies, including but not limited to: IP address and/or domain name; operating system (type of browser and platform); and the date, time and length of the visit to the website. Cookies are pieces of information that a website transfers to your computer's hard disk for record keeping purposes and are a necessary part of facilitating online transactions.
This information primarily is used for the compilation of statistical information about the use of The Foundation's website. Cookies may also be used to assist The Foundation and our third party service providers present personalised content and/or targeted and customised advertising to an individual on our website and/or on third party websites.
4.11. Links to other websites
4.12. Website traffic
The Foundation uses analytics tools to track visits to our website. These tools help The Foundation understand how visitors engage with its website. The Foundation can view a variety of reports about how visitors interact with our website so that we can improve it. This information is collected anonymously, reporting website trends without identifying individual visitors. We use this information to track the effectiveness of the website. Types of data collected include visits, viewed pages and the technical capabilities of our visitors. These statistics will not identify an individual.
4.13. Job applicants
When The Foundation receives an application for employment, Personal Information that was included in the application may be collected, such as your contact details, career history, education details, eligibility to work in the country where the role is based, written references and other career-related information. This may also include Sensitive Information, such as medical information or criminal history.
Personal Information may also be obtained from the following third parties:
Personal Information through a recruitment service provider;
prior employment history from previous employers or nominated referees;
criminal record history, by way of a criminal history check;
eligibility to work in the country where the role is based, by way of a passport or visa status check; and
educational qualifications, by way of requesting confirmation of qualifications or results from an academic institution.
If Personal Information is obtained from third parties, reasonable and practicable steps will be taken, at or before the time of collection (or as soon as practicable after collection) to notify an individual, or otherwise to ensure awareness of the collection of Personal Information.
Personal Information may be collected during the recruitment process for the purpose of assessing and progressing an application, inviting applicants to apply for future positions of interest at The Foundation and conducting statistical reporting and analysis in relation to the recruitment processes. Your Personal Information for future job opportunities may be held, unless specifically requested to be deleted.
A refusal to provide any of this information, or to consent to its proposed disclosure may affect the success of the job application.
4.14. Privacy data breach obligations
Please contact The Foundation if you become aware of any breach of security. If reasonable grounds establish there has been a Personal Information security breach, we will comply with all our obligations and responsibilities under all relevant privacy laws in Australia, including any obligation to notify you of any security breach and take effective remedial action to protect your Personal Information.
4.15. Making a complaint
A designated Privacy Officer is responsible for investigating any complaints or concerns any person may have about protection of their privacy. Any ongoing concerns or problems identified concerning our privacy practices will be taken very seriously and work will be undertaken to address these concerns. There are no fees for lodging a complaint.
To make a complaint, please contact the Privacy Officer at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or +61 2 8741 1900 and ask for the Privacy Officer.
Please provide as much detail about the facts surrounding the complaint to allow satisfactory resolution and allow at least 7 days to respond to the complaint.
If The Foundation fails to resolve your complaint, the matter may be referred to the Australian Information (Privacy) Commissioner (please see www.oaic.gov.au).
5. Policy Monitoring & Review Cycle