amexdiners-outlinenoun_Globe_1335341 (1)Slice 1mastercardicon_newslettericon_searchvisa
Protecting your privacy

The Fred Hollows Foundation (ABN 46 070 556 642), and its related entities (‘we’, ‘us’, ‘our’ and ‘Foundation’) are totally committed to protecting your personal information.

Please read this privacy policy carefully as it describes how we handle your personal information.

We may revise this privacy policy from time to time by publishing a revised version on our website.  That revised version takes effect from the time it is published.

 
1. INTRODUCTION

The Fred Hollows Foundation (‘The Foundation’) is committed to promoting and adhering to the highest standards of protection and accountability in its governance and operations to ensure the protection and privacy of personal information and personal data, both within the organisation and under its projects and programs.
 
The Foundation has governance and management systems and processes directed towards reinforcing its commitment under this policy. The measures put in place by The Foundation in this area are complemented by the initiatives it is undertaking to continually improve its operational effectiveness and further strengthen its governance, internal control, security, information protection and risk management practices.
 
This policy outlines how The Foundation will comply with our global standard, based in Australian law. The Privacy Act 1988 (Cth) (‘Privacy Act’) is an Australian law which regulates the handling of personal information about individuals. Similar protections exist under other laws applicable within the jurisdictions in which The Foundation operates such as the General Data Protection Regulation in the European Union.
 
The Privacy Act includes thirteen Australian Privacy Principles (‘APPs’). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including ‘sensitive information’).
 
We make sure we comply with all our obligations and responsibilities under all relevant privacy laws in all jurisdictions and entities, whenever we handle sensitive information.
 

2. DEFINITIONS

Personal information
‘Personal information’, is any information or opinion that can identify or be used to identify an individual. The Foundation may collect and hold personal information from our donors, supporters, volunteers, contractors, visitors to our field programs, and other individuals.

Sensitive information
The Foundation may collect health or other sensitive information, such as information about an individual’s eye health. The Foundation may share health or other sensitive information with our health provider partners and suppliers and they may also share with The Foundation health or other sensitive information they have collected. By providing health or other sensitive information to The Foundation, an individual consents to The Foundation collecting this information and using and disclosing it for the purposes set out in this Privacy Policy.

Cookies
When an individual visits or uses a website of The Foundation, personal information may be collected automatically through cookies including: IP address and/or domain name; operating system (type of browser and platform); and the date, time and length of the visit to the website. This information primarily is used for the compilation of statistical information about the use of the website. Cookies may also be used to assist The Foundation and our third party service providers present targeted and customised advertising to an individual on our website and/or on third party websites.

Website traffic
The Foundation uses Google Analytics to track visits to our website. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it.

Google Analytics collects information anonymously. It reports website trends without identifying individual visitors.
 
This information is used to track the effectiveness of websites. Types of data collected include visits, viewed pages and the technical capabilities of our visitors. These statistics will not identify an individual. For more information read Google's Privacy Policy.

Links to other websites
The Foundation’s website may contain links to third party websites, and third party websites may also have links to The Foundation’s website. This Privacy Policy does not apply to external links or other websites. These third party websites may collect your personal information. The Foundation encourage individuals to read the privacy policies of any website you link to from The Foundation’s website/s.
 

3. SCOPE
This policy outlines how The Foundation will comply with our global standard, based in Australian law and details the alignment of its governance and operations to ensure the protection and privacy of personal information and personal data, both within the organisation and under its projects and programs. This policy applies to all staff of The Foundation and other individuals or partners implementing The Foundation’s activities and operations or representing The Foundation in any capacity.

 
4. PRINCIPLES AND ACTIONS
4.1 Collection of personal information
Most of the time, and where reasonable and practicable, personal information will be collected directly from individuals, particularly where that personal information may include sensitive information.
 
From time to time personal information may be obtained from third parties, such as third party health provider partners. In these circumstances, The Foundation will take reasonable and practicable steps at or before the time of collection (or as soon as practicable after collection) to notify the individual, or otherwise to ensure they are aware, that personal information has been collected and the circumstances of the collection, in accordance with all relevant privacy law in Australia.
 
4.2 Use of personal information
The purposes and uses of collected personal information may include:
  1. processing donations;
  2. communicating with our supporters;
  3. recruiting and managing staff, contractors or volunteers;
  4. conducting marketing activities; and
  5. enabling other activities and functions of the Foundation.

The Foundation may use personal information to send direct marketing messages or telemarketing communications. If at any time you do not want to receive further direct marketing messages or communications from The Foundation, please contact The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or 1800 352 352. Please allow at least 7 days to process your request.
 
If there is a need to handle personal information for any other purpose not set out in this Privacy Policy, The Foundation will only do so with consent or where it may otherwise reasonably expected to do so.

The Foundation does not sell personal information to third parties, and except as provided for in this Privacy Policy does not make personal information available to third parties.

4.3 Retention of personal information
Subject to retention requirements for health information outlined below, The Foundation will only keep personal information for as long as it is needed for any purpose for which it was collected, or otherwise if it is part of a Commonwealth record or is required to be retained under Australian law or by a court or tribunal.
 
In accordance with the State-based health information protection laws, there is a requirement in certain circumstances to retain health information for 7 years after the last occasion on which a health service was provided to an individual, except where the information was collected while the individual was under 18 (in which case, the records will be kept until the individual has reached 25 years of age).
 
Where possible, all personal information which is no longer needed or required by law to be retained will be properly de-identified or destroyed.
 
4.4 Disclosure of personal information
Personal Information will be used and disclosed for the purposes described in ‘Use of personal information’ above. Although The Foundation generally does not disclose personal information to other organisations, this may be done upon the receipt of consent, or if it is required or authorised by law (including in emergency situations or to assist law enforcement), or if it is believed it is reasonably necessary to conduct the functions and activities of The Foundation.
 
The Foundation use a range of suppliers, service providers, contractors and partners to whom your personal information may be disclosed to enable the activities and functions of The Foundation. They may include information technology service providers, direct marketing agencies, banks, credit card companies, recruitment agencies, professional advisers and insurers.

This means that organisations and individuals other than The Foundation may collect access and use personal information held by The Foundation. The Foundation’s standard practice is to require these third party providers, through our agreements with them, to comply with our security guidelines, this Privacy Policy and all relevant privacy laws in Australia.
 
4.5 Disclosure of personal information outside Australia
We are an international organisation with information sharing between our global offices and our health provider partners. This means that it is possible your personal information and sensitive information may be shared with our offices and our health provider partners based outside Australia in regions such as the European Union, North America, Asia and Africa.
 
We also engage external contractors who provide services to The Foundation who are bound by privacy legislation and laws where they are located. It is our standard practice to require these external contractors by written agreement with The Foundation to comply with our security guidelines and this Privacy Policy. Some of these external contractors are located or have information handling facilities outside Australia, in regions such as the European Union, North America, Asia and Africa.
 
You consent to us disclosing your personal information and other sensitive information outside Australia for the purposes set out in this Privacy Policy. Please understand that by giving us this consent, we will not be accountable and you will not be able to seek redress under the Australian Privacy Act, the Australian Privacy Principles or any other relevant privacy laws in Australia if the overseas recipient handles your information in breach of any relevant privacy laws. You may also not be able to seek redress in the overseas jurisdiction if there is a breach of your privacy. However, your consent does not in any way lessen our commitment, and the measures we take, to protect and secure your personal information and sensitive information.
 
4.6 Security of personal information
All reasonable steps are taken to ensure the security of personal information by storing it in a secure environment. If third party providers are used in connection with the storage of personal information it is standard practice to require these third party providers, through agreements with them, to comply with The Foundation’s security guidelines and this Privacy Policy. The Foundation requires our employees, contractors and third party service providers to respect and protect the confidentiality of personal information held.
 
The Foundation’s electronic databases are secured by a firewall and anti-virus software to ensure, so far as practicable, that it is not accessed by unauthorised parties. This website has security measures (minimum 128-bit secure sockets layer encryption) designed to protect against the loss, misuse and/or alteration to personal information under The Foundation’s control. Secure pages on The Foundation websites are protected by a 128-bit SSL certificate.
 
However, because of the nature of the internet, security of personal information cannot be guaranteed. All unencrypted information exchanged via the internet may be accessed and used by people other than those for whom it is intended.
 
4.7. Access or corrections to your personal information
All reasonable steps are taken to ensure that personal information collected, held, used, disclosed, stored and handled is complete, accurate, relevant and up-to-date.
Access to, corrections or removal of personal information, may be requested by contacting the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or 1800 352 352. Verification of your identity will be sought before disclosing any personal information.
 
Requests will be responded to within a reasonable period of time unless it is unreasonable or impracticable to do so. Please allow at least 7 days for processing of a request. All reasonable steps to comply with a request will be made, unless there is a need to keep information for legal, auditing or internal risk management reasons.
 
4.8. Anonymity
Individuals may request to deal with The Foundation anonymously or through a pseudonym. The Foundation will accommodate your request if it is lawful, possible and practical to do so.
 
4.9. Online donations
Donations made online via The Foundation’s websites are processed in real time using a secure payment gateway. Donations are processed in Australia (and for all other countries) in Australian Dollars. If there are any questions or concerns about making an online donation to The Foundation, please contact the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or 1800 352 352.
 
4.10. Job applicants
When The Foundation receive an application for employment personal information that was included in the application may be collected, such as your contact details, career history, education details, eligibility to work in Australia, written references and other career-related information. This may also include sensitive information, such as medical information or criminal history.

Personal information may also be obtained from third parties:
 
  1. personal information through a recruitment service provider;
  2. prior employment history from previous employers or nominated referees;
  3. criminal record history, by way of a criminal history check;
  4. eligibility to work in Australia, by way of a visa status check; and
  5. educational qualifications, by way of requesting confirmation of qualifications or results from an academic institution.
     
If personal information is obtained from third parties, reasonable and practicable steps will be taken, at or before the time of collection (or as soon as practicable after collection) to notify an individual, or otherwise to ensure awareness of the collection of personal information.
 
Personal information may be collected during the recruitment process for the purpose of assessing and progressing an application, inviting applicants to apply for future positions of interest at The Foundation and conducting statistical reporting and analysis in relation to the recruitment processes. Your personal information for future job opportunities may be held, unless specifically requested to be deleted.
 
By applying for a job and providing your personal information, an individual is providing consent to collect personal information, using and disclosing it for the purposes set out in this Privacy Policy. This may include disclosing your personal information to referees and also to other third parties that we use to help with the recruitment process. Personal information may also be to law enforcement agencies to verify whether an individual has a criminal record.
 
4.11. Privacy data breach obligations
Please contact The Foundation if you become aware of any breach of security. If reasonable grounds establish there has been a personal information security breach, we will comply with all our obligations and responsibilities under all relevant privacy laws in Australia, including any obligation to notify you of any security breach and take effective remedial action to protect your personal information.
 
4.12. Privacy obligations 
Where personal information is obtained from individuals for the purpose of The Foundation complying with Australian law relating to counter-terrorism, it should be collected, used, disclosed and stored in a manner which is consistent with The Foundation’s obligations under that applicable Privacy Act and related legislation.
 
4.13. Making a complaint
A designated Privacy Officer is responsible for investigating any complaints or concerns any person may have about protection of their privacy. Any ongoing concerns or problems identified concerning our privacy practices will be taken very seriously and work will be undertaken to address these concerns. There are no fees for lodging a complaint.
 
To make a complaint, please contact the Privacy Officer at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or [email protected] or +61 2 8741 1900 and ask for the Privacy Officer.
 
Please provide as much detail about the facts surrounding the complaint to allow satisfactory resolution and allow at least 7 days to respond to the complaint.
If The Foundation fail to resolve your complaint, the matter may be referred to the Australian Information (Privacy) Commissioner (please see www.oaic.gov.au).
 
 
5. Policy Monitoring & Review Cycle
The Chief Operating Officer is the role responsible for assessing compliance of this policy annually (or more frequently if deemed necessary) and of proposing any necessary changes to the CEO.