ROYAL HOSPITAL FOR WOMEN FOUNDATION
JULY 2018

PRIVACY POLICY

The Royal Hospital for Women Foundation Limited (ABN 79 276 416 465) (the Foundation) values your privacy. 

This Privacy Policy sets out the Foundation's practices in relation to the collection, use, storage and disclosure of personal information. The Foundation is bound by the Privacy Act 1988 (Cth) (the Privacy Act) as well as other applicable laws protecting privacy (Australian Privacy Laws).

The Foundation may modify or update this privacy policy from time to time by publishing a modified or updated version of it on the Foundation’s website. The Foundation encourages individuals to check the Foundation's website periodically to ensure that they are aware of the Foundation's current privacy policy.

By providing personal information to us, you consent to our collection, use and disclosure of that personal information on the terms of this privacy policy and any other contractual or other arrangements that apply between us (if any).

WHAT INFORMATION DOES THE FOUNDATION COLLECT AND WHY?

The Foundation collects personal information from donors, supporters, volunteers, patients and visitors to The Royal Hospital for Women that is necessary for the Foundation to perform its philanthropic functions. The types of personal information the Foundation collects, and the purposes of collecting that information, include:

  • Donors: When you make a donation, including via this website, in person, over the phone, by direct deposit, via email, by post, or through any of our fundraising events or activities, the Foundation collects and stores in our database (where available and attainable) your name, phone number, address, email address, date of birth, payment and billing details (including credit card details if relevant i.e regular giving), and other contact information such as area of (health) interest. With your consent, this information may include health or other sensitive information, for example we may ask you if you or your family members have been cared for at The Royal Hospital for Women. We will use this information to process your donation, complete your tax receipt, send you further information about the Foundation that is relevant to the connection between you and The Royal Hospital for Women.
  • Supporters and volunteers: The Foundation may also collect its supporters' and volunteers' names, phone numbers, addresses, email addresses, and other contact information, records of communication between them and the Foundation and other personal information about our current and potential supporters and volunteers so that we can encourage, record and acknowledge their support and communicate with them about the Foundation and our activities. All access to this information is encrypted and password protected, accessible only by RHW Foundation staff who are appropriately charged with this responsibility.
  • Patients: The Foundation may receive or request details about individual patients, such as their name, age and, with the patient’s consent, their medical condition, medical treatment, and medical history and may communicate directly with patients and their families for this purpose. All patient information received and collected by the Foundation will be treated in the strictest confidence, and will not be made public or distributed to the media without prior explicit patient consent.
  • Distributing publications: We collect contact details (which may include name, phone number, address, email address, and other contact information) when individuals contact or interact with us in order to distribute newsletters and other communications in print and electronic form from time to time. Recipients may choose to have their contact details removed from our distribution lists by contacting our Privacy Officer using the contact details at the end of this privacy policy.
  • Foundation Events: We collect contact details, donation history and other personal information, including photographs and videos. This information is used to administer these events, thank donors and supporters; and promote and seek support for such events, share individuals' stories with the community and to promote the activities of the Foundation. With the consent of the relevant person, this information may include health or other sensitive information.
  • Contacting us and general queries: You may choose to provide us with your name or other contact details when you call us by phone or write to us so that we can respond to your requests, for our newsletter or for other information about the Foundation's services or operations.
  • Conducting our philanthropic business activities: The RHW Foundation collects personal information about individuals who are, or are employed by, our suppliers (including service and content providers), contractors and agents for our general business operations.
  • Credit Card Data: Any credit card transactions information processed via our database is not stored by the Foundation, but rather with a securely encrypted contracted cloud based third party storage provider. Credit card transaction data for recurring donations is stored in a secure payment gateway that is PCI compliant. Any manual forms returned to the Foundation with credit card details on them are masked and stored securely and are destroyed securely as soon as the information is acted upon.
  • Patient and Guest WiFi: (Incoming) The Foundation provides Guest WiFi at The Royal Hospital for Women for patients, guests and visitors.  Accessing Guest WiFi is subject to the Terms and Conditions accepted by a user when connecting to the WiFi service.  Data collected through Guest WiFi includes name, date of birth, email address and area of the Hospital in which the WiFi is accessed.
  • Corporate Partners: Contact person's name, the name of the organisation which employs the person, telephone numbers, street and postal address, email address and position title; areas of interest by category and industry; bank details (if we are to receive payment or make payment for services received); Australian Business Number (ABN); type of support (eg. workplace giving, goods in kind, crowdfunding).
  • Social Media: We may communicate with you and other members of the public through social media platforms such as Facebook, Twitter or Instagram. In light of this we may collect your personal information when you communicate with us by using these social networking services, and the social networking services will also handle your personal information for their own activities. These social networking services have their own privacy policies that you should consider before use.

Provision of your personal details is the most effective method for the RHW Foundation to communicate with you in a personalised and relevant manner, and to assist in the efficient delivery of services supporting The Royal Hospital for Women.

HOW DO WE USE AND DISCLOSE PERSONAL INFORMATION?

We use personal information we collect to:

  • Invite and process donations (including receipting for tax-deductible purposes), communicate with and thank our donors and supporters. This may include sending information (which may be by phone, post, email or other electronic means directly from the Foundation).
  • Communicate with donors and supporters, patients and their family members, employees and volunteers (including responding to queries and complaints) and to distribute our publications, conduct fundraising events, appeal for further donations and support, and raise awareness about our fundraising activities and our mission.
  • Conduct, on behalf of The Royal Hospital for Women and the Local Health District under whose jurisdiction it sits, surveys and patient questionnaires to assist with further development of the Hospital infrastructure, improve services or identify shortfalls in customer satisfaction.
  • Conduct our general business activities, including interacting with contractors and service providers, billing and administration including measuring and assessing the level of support we receive and the effectiveness of our fundraising activities.
  • The disclosures referred to above may include disclosure to our third parties such as our contractors, service providers, partners, employees and volunteers only to the extent necessary for them to perform their duties to us. We use a range of suppliers, service providers, contractors and partners to enable us to perform the activities and functions of the Foundation.  They include information technology service providers, direct marketing agencies, banks and credit card companies. Some of these third party providers may store your personal information on servers located overseas.

We take all reasonable steps to ensure that personal information is handled in accordance with the Privacy Act and the Australian Privacy Principles contained therein.

HOW SECURE IS YOUR PERSONAL INFORMATION?

Your personal information is stored with a trusted third party provider. We respect and regard the security of your personal information as a priority and implement a number of physical and electronic measures to protect it, including the use of passwords, firewalls that are vigilantly monitored, and backups. We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.

Where required, the Foundation will de-identify data. De-identification involves the removal or alteration of personal identifiers, followed by the application of any additional techniques or controls required to remove, obscure, aggregate, alter and/or protect data in some way so that it is no longer about an identifiable (or reasonably identifiable) individual.

The Foundation also uses controls and safeguards in the data access environment, which appropriately manages the risk of re-identification.

COOKIES

The Foundation's website may use cookies to collect statistics on visitor traffic. No personal information is collected, rather the patterns of usage of visitors to the website may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user site traffic patterns.

The Foundation’s website may also use Google Analytics features which allow us to tailor our marketing to better suit your needs.

If you prefer not to allow this, you may be able to adjust your browser to turn off the use of “cookies” or notify you when they are being used. However, if you disable cookies, you may not be able to access certain areas or take advantage of certain features of the Foundation’s website. If you choose to not have your browser accept cookies from the Foundation’s website, you will need to re-enter your personal information each time that you attempt to access information. You can also opt out of programs like Google Analytics if you wish: https://tools.google.com/dlpage/gaoptout/.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

You have the right to access the personal information we have about you. The Foundation will handle requests for access to personal information in accordance with Australian Privacy Laws. To request access to your personal information, please contact our Privacy Officer using the contact details at the end of this privacy policy.

When you request access, we may need to take measures to verify your identity. If you would like a copy of the personal information that we have about you, in order to verify your identity, please send the request to our Privacy Officer in writing, by mail or email set out at the end of this Privacy Policy. In some cases, we may need time to consider and respond to your request for access. If we need time to consider your request, we will acknowledge your request within 7 days and respond within 30 days after your request is made.

If you believe that your personal information held by us is inaccurate, incomplete or out of date, you may contact us using the contact details at the end of this Privacy Policy to request that we correct that information. In most cases, we will amend any inaccurate, incomplete or out of date information. If we are not able to correct your personal information in the way requested by you, we will notify you of our reasons for refusing your request (unless it would be unreasonable for us to do so) and let you know how you may make a complaint about our decision, should you wish to do so.

MAKING A COMPLAINT

You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting us in writing, by mail or email. We will generally acknowledge your request within 7 days and respond within 30 days after your request is made or let you know what the next steps are for resolving your complaint. If we are not able to resolve your complaint, you may wish to contact the Office of the Australian Information Commissioner about your other options.

MAKING CONTACT WITH US

If you would like to access your personal information held by us or wish to make a complaint about the way we have collected, used, held or disclosed your personal information, please contact:

Phone: (02) 9382 6720
Email: elise@royalwomen.org.au
Mail: Attention: Privacy Officer c/ Director of Operations & Philanthropy, The Royal Hospital for Women Foundation, Locked Bag 2000, Randwick NSW 2031

If you wish to obtain additional information about your privacy rights and how you can enforce them, please contact the Office of the Australian Information Commissioner.