Register

The Foundation recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies.

The Foundation is bound by the Information Privacy Act 2009 (Qld), as well as other laws regulating the handling of personal information (Privacy Laws), which impose specific obligations when it comes to handling information. In broad terms this means that we:

• Collect only information which the organisation requires for its primary function;
• Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
• Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
• Store personal information securely, protecting it from unauthorised access; and
• Provide stakeholders with access to their own information, and the right to seek its correction.

The Foundation will adhere to the Procedures outlined below.

Procedures

What personal information we collect

The Foundation may collect the following types of information:

• name;
• mailing or street address;
• email address;
• telephone number and other contact details;
• age or date of birth;
• UR number;
• gender; or
• any other personal information that may be required in order to facilitate your dealings with us.

Consent to collection of personal information

We will only collect personal information that is necessary for the performance and primary function of the Foundation, where we are required to by law or you have consented to our collection of your personal information from third parties. If you choose to provide us with personal information, you consent to the transfer and storage of such personal information on our servers for as long as we consider necessary to fulfil the purpose for which such personal information was collected, or as required by relevant laws, in accordance with this privacy policy and any other arrangements that apply between us. In this context, “collect” means gather, acquire or obtain by any means, information in circumstances where the individual is identifiable or identified.

How we collect personal information

We may collect personal information from you:

• via one of our websites, including by joining our mailing list;
• via social media;
• via telephone;
• via email;
• via fax;
• via a Metro South Health Hospital admission form, where you have indicated consent to provide information to us; 
• via your participation in any marketing initiative or promotional activities or events;
• via your purchase of any items from us including the purchase of raffle tickets;
• in person; and/or
• in writing.

We will generally collect personal information directly from you. We may use third party contractors, such as call centres and mail houses, to collect personal information from you. The Foundation uses reasonable commercial endeavours to engage with providers whose privacy policies are similar the Foundation in material respects, and we retain copies of such policies on file for this purpose.

We may also collect personal information from third parties (including list brokers) and publicly available sources of information. We may use personal information supplied by you or a third party to source additional personal information from publicly available sources of information.

Sharing personal information The Foundation shares our database with other liked minded charities as is normal practice within the NFP sector.  Donors are given the opportunity to request their details are not shared.  This sharing of data amongst other charities happens twice per annum. 

Sensitive information

Some personal information (e.g. race, ethnicity, health information etc.) is sensitive and requires a higher level of protection under the Privacy Law. Although it is unlikely we will need to do so, we will only collect such sensitive information when we have your express consent for us to do so and the collection is reasonably necessary for us to pursue one or more of our functions or activities, or where the information is required or authorised by law or necessary for the establishment, exercise or defence of a legal claim. 

Employment application

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This privacy policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Laws. 

Payment information

If you are making a donation through our website, you will be required to submit your relevant payment information including bank account details, credit card details, billing address and invoice details. The payment information you submit through our website will be managed by Stripe Payments Australia Pty Ltd (Stripe).

If you would like to access or seek correction of your personal information, or if you have complaints regarding Stripe’s privacy practices, please contact the Stripe privacy officer by emailing privacy@stripe.com. Alternatively, you may contact them domestically at the following address: Privacy Officer, Stripe Australia, Level 46, MLC Centre, 19-29 Martin Place, Sydney, NSW 2000.

When providing your payment information, some information may be identified as mandatory or voluntary. If you do not provide the mandatory data, Stripe may not be able to effectively process your donation.

Notification of collection

Where we have collected personal information about you either directly or by other means as set out above, we will notify you of the following at the time, or as soon as practicable, to ensure that you are aware of such collection and its purpose:

• the main reason that we are collecting personal information;
• other related uses or disclosures that we may make of the personal information;
• our identity and how you can contact us, if this is not obvious;
• that you can access the personal information that we hold about you;
• that you should contact us should you need to access or correct personal information collected by us or have any concerns in relation to personal information;
• the organisations to whom we usually disclose the personal information;
• where applicable, any law that requires the personal information to be collected;

If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the Privacy Law. Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information. In respect of unsolicited sensitive information, we will, if it is lawful and reasonable to do so, immediately destroy the information or de-identify the information.

Purpose of collection, use and disclosure

The Foundation will collect, use, and disclose personal information for the following primary purposes for which it was collected: 

• marketing to and informing supporters/donors about Foundation research, appeals and events;
• soliciting/requesting and processing donations, gifts and bequests from supporters/donors;
• maintaining appropriate relationships with supporters/donors;
• organising fundraising events; and
• building profiles on supporters/donors in order to better understand their areas of interest in the Foundation. 

The Foundation will also collect personal information for a directly related secondary purpose. For other uses we will obtain consent from the affected person.

Direct marketing

If you subscribe to our e-communications (e.g. newsletters, event updates etc.), we may send you direct updates about our products and services, event invitations and for marketing purposes (including advising you of other products, services, promotional events, programs and special offers which may be of interest to you). This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and the Privacy Laws. If you do not wish to remain a subscriber to our mailing list, you can unsubscribe from any electronic communications by clicking the ‘unsubscribe’ button or by contacting general@pafoundation.org.au.

Disclosure

We may disclose personal information for the purposes described in this Privacy Policy to:

• our employees and related bodies corporate;
• third party suppliers and service providers (including call centre and mail house operators);
• professional advisers and agents;
• payment systems operators (for example, merchants receiving card payments); 
• our sponsors or promoters of any competition that we conduct via our services;
• specific third parties authorised by you to receive information held by us; and/or
• other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Cookies

We may collect personal information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer. 

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Where your personal information is stored

We store your personal information in our donor database, which is a secure, control accessed fundraising industry database. The data servers are password protected and login secured. Each staff member who can access the database has a unique user name and password and the system tracks all access and changes and the user who makes them. 

How your personal information is stored

The Foundation will take reasonable steps to safeguard the personal information we collect from you and store against misuse, loss, unauthorised access and modification. We take reasonable steps to protect your personal information from unauthorised access, loss, disclosure or modification in accordance with this privacy policy.

We regularly monitor all our systems holding personal information, however, no data transmission over the internet can be guaranteed as one hundred per cent secure. We will take reasonable steps to maintain the security of and to prevent unauthorised access to or disclosure of your personal information. However, we do not guarantee that unauthorised access to your personal information will not occur, either during transmission of that information to us or after we receive that information.

We only retain your personal information for as long as is necessary for the purposes for which it was collected and we are required to keep it to comply with any laws. All data is held in our donor database and archived electronically after 36 months of no reply to communication or requested by the individual. We will take such steps as are reasonable in the circumstances to destroy or de-identify personal information which we no longer need. These measures may vary depending on the personal information held.

The Foundation will:

• Ensure stakeholders are aware of the Foundation’s commitment to privacy and make the Privacy Policy available on its website at www.pafoundation.org.au and upon request. 
• Ensure a commitment statement on privacy is included in publications and on the organisation’s website.

Data quality

The Foundation will take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform. All records on our donor database are compared to a deceased persons list quarterly. Additionally, any changes notified to us by phone, email and online are actioned immediately.

Access and correction

The Foundation will ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.

You can request access to your personal information held by us. We may ask that you put the request in writing and may also require some proof of identification before releasing or correcting any personal information. 

We take the accuracy of your personal information seriously, if you are aware that the information we hold relating to you is inaccurate, incorrect or out-of-date, please contact the main office by phone on (07) 3180 1840, by post at PA Research Foundation, PA Hospital, 199 Ipswich Rd, WOOLLOONGABBA 4102, or by email at general@pafoundation.org.au.

Complaints

If you have a complaint about the way we have dealt with your personal information, or if you think we have breached the Privacy Act, please contact the main office by phone on (07) 31801840, by post at PA Research Foundation, PA Hospital, 199 Ipswich Rd, WOOLLOONGABBA 4102, or by email at general@pafoundation.org.au.

We will seek to deal with privacy complaints as follows:

• complaints will be treated seriously;
• complaints will be dealt with promptly;
• complaints will be dealt with confidentially;
• complaints will be investigated; and
• the outcome of an investigation will be provided to the complainant where the complainant has provided proof of identity. We will seek to respond within a reasonable time after the complaint or request was made.

If you think we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take. 

Under the Privacy Laws, you may complain to the Office of the Information Commissioner – Queensland about the way we handle your personal information. The Commissioner can be contacted at: 

Attention: Privacy team
Office of the Information Commissioner
PO Box 10143
Adelaide Street
BRISBANE QLD 4000

By email: administration@oic.qld.gov.au 

The Foundation will give you the option of not identifying yourself when completing evaluation forms or opinion surveys. However, if you choose to remain anonymous or to use a pseudonym, we may not be able to provide you with access to some or all of our products or services. We do not provide this option in circumstances where it is impracticable to do so or where we are legally required to deal with identified individuals only.

The Foundation:

• Can only release personal information about a person with that person’s expressed permission. For personal information to be released, the person concerned must sign a release form. 
• Can release information to third parties where it is requested by the person concerned.

We reserve the right in our sole discretion to modify, amend, vary or update this Privacy Policy at any time without notice. If this is necessary, we will post the amended Privacy Policy on our website to ensure you are kept up-to-date of how we manage your personal information. We recommend you review the Privacy Policy regularly to ensure you are aware of any changes.

Privacy Policy reviewed September 2020