Privacy Policy Cancer Council Tasmania
The Privacy Act 1988 (‘the Act’) and the Personal Information Protection Act 2004 (Tas) recognises that people are protective of their personal details and places strict limits on how such information is collected and handled by private sector organisations. We are committed to protecting personal and health information in accordance with these laws - in providing support and advice services to persons with cancer, their families, health professionals, and the community, carrying out cancer research, conducting fundraising and advocacy services.
Any recorded information which can identify a person is subject to this legislation and the National Privacy Principles (‘NPP’s). Under the Act, Cancer Council Tasmania’s business activities fall under the definition of ‘health service provider’. As a result, there are certain obligations, rights and responsibilities incumbent upon our organisation concerning privacy and confidentiality.
PURPOSE
Cancer Council Tasmania (‘CCT’, ‘we’, ‘our’ and ‘us’) understands that personal information can be used to identify a person and should only be used in limited circumstances. Personal information concerning employees is confidential and CCT will only use it for purposes that are relevant. This Policy outlines the circumstances surrounding the disclosure of personal information and outlines the policy on all matters of Privacy as it relates to our business. This policy covers all staff, volunteers, financial supporters of CCT, persons who are the subject of research conducted by and/or for CCT, and clients whose personal/clinical details are maintaining in CCT databases. This policy covers authorized uses of (and access to) data owned by CCT, and should be read in conjunction with CCTs Data Access Policy and Data Access Guidelines.
APPLICATION
1. Types of Information
The types of information we collect are defined in the Act as Personal Information, Sensitive Information and Health Information (“Information”).
1.1 Personal Information Personal Information is any information or opinion that can be used to identify a person or whose identity is reasonably ascertainable from the information or opinion. This includes any opinions about the person, whether true or not, no matter how the information or opinions are recorded.
1.2 Sensitive Information Sensitive Information is information about a person’s health, race or ethnic origin, political or religious beliefs or affiliations, membership of a trade union or association, sexual preferences, or criminal record.
1.3 Health Information Health information is personal information that is also information or an opinion about the physical, mental or psychological health of an individual, a disability of an individual, an individual's expressed wishes for the future provision of their healthcare, or a health service provided to an individual. Health information also includes personal information that is collected to provide a health service or in connection with the donation of an individual's body parts, organs or body substances, or personal information that is genetic information about an individual that is predictive of the individual's health.
2. Information We Collect
We collect Information from individuals both to whom we provide, and who help us provide, our services. This includes persons with cancer and their next of kin, employees, job applicants, donors, research study participants, recipients of support services, participants in advocacy campaigns, participants in education and training programs, health promotion projects or fundraising campaigns, health professionals, suppliers, volunteers, users of our social media pages and applications and our service providers.
The Information we collect will depend on who you are and the purpose for which it is collected. We only collect Information that is reasonably necessary to perform our functions or activities. The kinds of Information we may collect when dealing with you may include:
- your name, date of birth and gender;
- your contact information including address, postcode, email, telephone number and mobile number;
- your details regarding ethnicity e.g. country of birth, whether you are an Aboriginal or Torres Strait Islander or language spoken at home;
- payment or billing information (including bank account details, credit card details, billing address and invoice details) for donations or the supply of our Services;
- your current location, if you are using one of our mobile applications and consent to this collection;
- details relating to the Services we have supplied you; and
- your username and password for accounts set up on our website.
We may also collect the following types of Information from you if you are a:
2.1 Person affected by cancer:
- your health information and medical history in particular your history with and relationship to cancer including the type of cancer you have suffered, your treatments, genetic and biometric information.
2.2 Job applicant or employee:
- your employment history, qualifications, resume and job references;
- your fitness for work, including police checks and security information from government agencies or departments (including Working with Vulnerable People checks), health assessments and other personal information as part of your job application (only if appropriate and in compliance with the law);
- your banking details to process payments such as wages; and
- government related identifiers, such as your Tax File Number in compliance with the law.
2.3 Public participant in Cancer Council fundraising and support schemes and campaigns:
- your opinions via surveys and questionnaires;
- your insurance policies and details, which are only collected in limited circumstances such as where qualification for a particular Cancer Council program requires you to have certain insurances; and
- details relating to donations you have made to us.
Where practicable, you can deal with us anonymously, by using a pseudonym. You can also choose to not provide us with some or all of your Information. This may affect our ability to help or service you as fully as we would like.
3. How we Collect Information
Where reasonably practicable, we will collect your Information directly from you. This may be in person, on the telephone, by mail or online.
We may collect Information from third parties such as contractors (including fundraising service providers) who provide services to us and from health professionals and your next of kin (for example where you have consented, or are unable to provide us with your information directly or if a waiver has been granted).
When you access our website, we or our third-party service providers, may use “Cookies” (small data files placed on your device that do not identify individuals personally but do identify devices). We may also use software (such as Javascript), or similar technology.
This technology allows us to:
- Maintain the continuity of your browsing session;
- Remember your details and preferences when you return;
- Use Google Analytics to collect information such as demographics and interests, visits to our websites, length of visit and pages viewed; and
- Tailor our advertising through advertising networks on other websites.
You can set your browser to notify you when you receive a Cookie and this will provide you with an opportunity to either accept or reject it in each instance. Please note that if you do this, it may affect some of the functions on our website.
We may also gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
When you use our mobile applications, we may collect Information from you, such as your profile, location and other relevant information, which is used to provide our Services. By providing us with this information, you are consenting to our collection and use of this information.
4. How we Use Your Information
In addition to collecting and using your Information in order to carry out our services, we collect and use your Information for the purposes explained below:
CCT may collect Information to conduct and/or fund research into cancer causes, as well as prevention, diagnosis, treatment and survivorship. We also collect information to ensure we deliver our cancer support services effectively to our clients. Information collected for both these purposes is not used for direct marketing unless your consent is obtained for that purpose.
We may use Information, including your name, contact phone number, address and email address, to send marketing and promotional information by post, email, social media or telephone including SMS. You may opt-out of receiving direct marketing communications from us at any time. If you do not opt-out, we will assume we have your ongoing consent to send information and communications.
Depending on what services we are carrying out, we may collect Information for a number of purposes, including:
- To manage queries from or about a prospective, current or past employee;
- To provide information and support services, and to evaluate and report on these services;
- To provide information about cancer risk factors, such as UV exposure, tobacco and obesity, and to seek your support for campaigns;
- To facilitate your participation, including through making travel and other logistical arrangements;
- To enable individuals to assist us with volunteering, community fundraising, advocacy and other activities where we seek the community’s assistance; and
- Communicating with individuals in relation to our operations, activities and objectives, to verify their identity, to improve and evaluate our programs and services and to comply with applicable laws.
Whenever practicable, we will provide you with a collection statement setting out the purpose for the collection and how you can contact us regarding your Information.
5. Use and Disclosure of Your Information
CCT will endeavour at all times to:
- Only use or disclose Information about an individual in ways that are consistent with an individual’s reasonable expectations.
- Only use or disclose information about an individual for the purpose it was collected unless the person would reasonably expect such use or disclosure.
- Take reasonable steps to make sure that the Information collected, used or disclosed is accurate, complete and up to date.
- Take reasonable steps to protect the Information it holds from misuse and loss, and from unauthorised access, modification, or disclosure.
- Take reasonable steps to destroy information if it is no longer needed or permanently deidentify personal information if it is retained for historical or trend purposes.
- Only transfer Information to a recipient in a foreign country in circumstances where the information will have appropriate protection that is consistent with the National Privacy Principles.
- Only release de-identified research information to researchers who have;
- Complied with the requirements of CCTs Data Access Policy, and
- Provided evidence that they have obtained Ethics Approval from an appropriate Human Research Ethics Committee (HREC), in accordance with the legally binding guidelines issued by the National Health and Medical Research Council (NHMRC), and
- If required, have entered into a Memorandum of Understanding with CCT regarding limitations to the use of the requested data.
Other disclosures may include:
- External service providers : to health care professionals, lawyers, counsellors, auditors, financiers, volunteers, agencies and not-for-profits that provide us or you with services (only in limited and appropriate circumstances necessary to carrying out our Services);
- Other charities: we may provide de-identified statistical information to other charities for marketing purposes;
- Contractors and service providers: who perform services on our behalf, such as mailing houses, printers, information and web based technology services providers (including interstate or offshore cloud computing service providers), archiving services, database contractors and marketing agencies to perform services on our behalf;
- Partners in our education and training programs: who may liaise with you to facilitate your participation and provide post-program support
- Cancer Council Australia and other affiliate State and Territory Cancer Councils.
6. Security of Your Information
CCT stores Information electronically and in hard copy. We will take all reasonable steps to secure Information and protect it from misuse, interference or loss and from unauthorised access, modification or disclosure. Some of the ways we do this include:
- storage of electronic Information using a password protected electronic database;
- storage of hardcopy Information on secure premises only accessible by authorised people;
- using Secure Socket Layer ( SSL) certificates for encrypting your credit card and debit card numbers;
- financial information is encrypted on our servers and access to this information is restricted to authorised CCT staff; and
- backing up and archiving Information using secure archiving services.
Where Information is stored with a third party, we have arrangements which require those third parties to maintain the security of the Information. We take reasonable steps to protect the privacy and security of that Information. If you communicate with us via email or over the internet we cannot guarantee its security. If you believe that any of the Information we may hold about you has been compromised in any way please let us know immediately so that we can investigate.
7. How to Access Information
CCT will give an individual access to Information it holds about that individual on request, and subject to the applicable privacy laws. If CCT holds Information and the individual is able to establish that the Information is not accurate, complete or up to date we will take reasonable steps to correct that information.
If for any reason we deny access to any part of the Information that is requested, we will provide reasons for denial of access or correction.
8. How to update your Information
You can ask CCT to correct or update Information we hold about you at any time. We will need to verify your identity before making any corrections or changes to your information. We also have obligations to take reasonable steps to correct Information we hold once we have been notified that it is inaccurate, out-of-date, incomplete or irrelevant or misleading for the purpose for which it is held.
If you require access to, or wish to update your Information, please contact us directly.
9. Complaints
If you wish to make a complaint about our handling of your Information, please contact us. To provide you with an appropriate response, we will investigate your complaint and endeavour to provide you with a response within 30 days of receipt of your complaint. If you are not satisfied that your complaint has been resolved by us, you may make a complaint to: The Office of the Australian Information Commissioner (OAIC) which deals with complaints under the Privacy Act 1988 in relation to personal information. The OAIC can be contacted at:
Website: http://www.oaic.gov.au/about-us/contact-us
Telephone number: 1300 363 992
In writing: Office of the Australian Information Commissioner
GPO Box 5218, Sydney, NSW, 2001
VARIATION
CCT reserves the right to vary, replace or terminate this policy from time to time.
Cancer Council Tasmania aspires to create a culturally safe environment, which is spiritually, socially and emotionally safe for people; where there is no assault, challenge or denial of their identity, of who they are and what they need. It is about shared respect, shared meaning, shared knowledge and experience, of learning together with dignity, and listening and responding to their cultural needs.