Monash Health Foundation
This statement should be read in conjunction with the Monash Health privacy statement.
Monash Health Foundation (the Foundation) values your privacy.
This privacy statement sets out the Foundation’s practices in relation to the collection use, storage and disclosure of personal information. The Foundation is bound by the Privacy Act 1988 (Cth) (the Privacy Act) as well as other applicable laws protecting privacy, including State and Territory health information legislation (Australian Privacy Laws).
The Foundation may modify or update this privacy statement from time to time by publishing a modified or updated version of it on its website. The Foundation encourages individuals to check the Foundation’s website periodically to ensure that they are aware of the Foundation’s current privacy statement.
By providing personal information to us, you consent to our collection, use and disclosure of that personal information on the terms of this privacy statement and any other contractual or other arrangements that apply between us (if any).
What personal information does the Monash Health Foundation collect and why?
The Foundation collects personal information from donors, supporters, volunteers, patients and other contacts that is necessary for it to perform its functions. The types of personal information the Foundation collects, and the purposes of collecting that information, include:
- Donors: When you make a donation, including via this website, in person, over the phone, by direct deposit, via email, by post, or through our fundraising personnel or volunteers as part of any of our fundraising events or activities or at our offices, the Foundation collects and stores in our database your name, phone number, address, email address, date of birth, and other contact information. With your consent, this information may include health or other sensitive information, for example, we may ask you if you or your family members have been treated by a service within Monash Health previously. We will use this information to process your donation, complete your tax receipt, and send you further information about the Foundation for promotional purposes.
- Supporters and volunteers: The Foundation may also collect its supporters’ and volunteers’ names, phone numbers, addresses, email addresses, and other contact information, records of communication between them and the Foundation and other personal information about our current and potential supporters and volunteers so that we can encourage, record and acknowledge their support and communicate with them about the Foundation and our activities.
- Patients: The Foundation may receive or request details about individual patients, such as their name, age and with the patient’s consent, their medical condition, medical treatment, and medical history, for promotional purposes, and may communicate directly with patients and their families for this purpose. All patient information received and collected by the Foundation will be treated in the strictest confidence, and will not be made public without prior patient consent.
- Distributing publications: We collect contact details (which may include name, phone number, address, email address, and other contact information) when individuals contact or interact with us in order to distribute newsletters and other communications in print and electronic form from time to time. Recipients may choose to have their contact details removed from our distribution lists by contacting us using the contact details at the end of this privacy statement.
- Conducting events: We collect contact details, donation history and other personal information, including photographs and videos, about patients and their family members, donors, volunteers and other supporters who wish to join or participate in our events, programs we conduct and our publications. This information is used to administer these events, promote and seek support for such events, share individuals’ stories with the community and for the activities of the Foundation. With the consent of the relevant person, this information may include health or other sensitive information.
- Assisting with your queries: You may choose to provide us with your name or other contact details when you call us by phone or write to us so that we can respond to your requests, for our newsletter or for other information about the Foundation’s services or operations.
- Conducting our general business activities: The Foundation collects personal information about individuals who are, or are employed by, our suppliers (including service and content providers), contractors and agents for our general business operations.
- Applying for a position (as a volunteer) with the Foundation: We may collect your personal information, including name and contact details, information about your volunteering history and relevant records checks (including criminal and working with children checks) when you apply for a volunteer position with us, in order for us to assess your suitability for that or other positions. With your consent, this information may include information or an opinion about your criminal record or other sensitive information.
- Credit Card Data: Any credit card transactions information processed via our database is not stored by the Foundation, but rather with a contracted cloud based third party storage provider. Credit card transaction data for recurring donations is stored tokenised in a secure payment gateway that is PCI compliant. Any manual forms returned to the Foundation with credit card details on them are masked and stored securely.
Generally, we collect information directly from the relevant individual. Sometimes, we may need to collect information about an individual from third parties including parents, carers, guardians or other third party information sources. We will do this if the individual has consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from the individual.
Provision of your personal details is the most effective method for the Foundation to communicate with you, and to assist in the efficient delivery of services.
How do we use and disclose personal information?
We use and disclose personal information we collect to:
- process donations and communicate with our donors and supporters, including sending them information (which may be by phone, post, email or other electronic means directly from us or a third party mailing house);
- communicate with donors and supporters, patients and their family members, employees and volunteers (including responding to queries and complaints) and to distribute our publications, conduct fundraising events, appeal for further donations and support and raise awareness about our fundraising activities and our mission; and
- conduct our general business activities, including interacting with contractors and service providers, billing and administration including measuring and assessing the level of support we receive and the effectiveness of our fundraising activities and assessing applicants for positions with us.
The disclosures referred to above may include disclosure to our third parties such as our contractors, service providers, partners, employees and volunteers only to the extent necessary for them to perform their duties to us. We use a range of suppliers, service providers, contractors and partners to enable us to perform the activities and functions of the Foundation. They include information technology service providers, direct marketing agencies, banks, credit card companies and recruitment agencies.
Such disclosure may include disclosure to contractors and services providers located outside of Australia, including in the United States of America, Japan, China, Hong Kong, the United Kingdom and Canada. The privacy laws of these countries may not provide the same level of protection as the Australian Privacy Laws.
We take all reasonable steps to ensure that overseas recipients of personal information handle the information in accordance with the Privacy Act and the Australian Privacy Principles contained therein.
We may also disclose the personal information of patients to their family members or guardian, for the purpose of discussing stories about their experience with Monash Health which the patients have agreed to share via our publications or for other fundraising activities. We may, with your permission, also send the patient stories to third parties to help promote their fundraising efforts for the Foundation and refer to patient stories in our publications, including on our website. Any personal information disclosed via our website may include disclosure to recipients who access our website in countries outside Australia.
How secure is your personal information?
Your personal information is stored with a third party storage provider. We regard the security of your personal information as a priority and implement a number of physical and electronic measures to protect it, including the use of passwords and firewalls. We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.
The Foundation’s website may also use Google Analytics features which allow us to tailor our marketing to better suit your needs.
If you prefer not to allow this, you may be able to adjust your browser to turn off the use of “cookies” or notify you when they are being used. However, if you disable cookies, you may not be able to access certain areas or take advantage of certain features of the Foundation’s website. If you choose to not have your browser accept cookies from the Foundation’s website, you will need to re-enter your personal information each time that you attempt to access information. You can also opt-out of programs like Google Analytics if you wish: https://tools.google.com/dlpage/gaoptout/.
Accessing and correcting your personal information
Generally, you have the right to access the personal information we have about you. The Foundation will handle requests for access to personal information in accordance with Australian Privacy Laws. To request access to your personal information, please contact us using the contact details at the end of this privacy statement.
When you request access, we may need to take measures to verify your identity. If you would like a copy of the personal information that we have about you, in order to verify your identity, please send the request in writing, by mail set out at the end of this privacy statement. In some cases, we may need time to consider and respond to your request for access. If we need time to consider your request, we will acknowledge your request within 28 days and respond within 8 weeks after your request is made.
Depending on the information you want to access, where it is stored and the time it will take us to respond to your request for access, we may charge you a fee for the administrative cost of providing the information to you. This charge will not be excessive. If for any reason we refuse to give you access to your personal information or do not give you access in the manner in which you have requested, we will provide you with a written notice giving you the reasons for our refusal (unless it would be unreasonable for us to do so).
If you believe that your personal information held by us is inaccurate, incomplete or out of date, you may contact us using the contact details at the end of this privacy statement to request that we correct that information. In most cases, we will amend any inaccurate, incomplete or out of date information. If we are not able to correct your personal information in the way requested by you, we will notify you of our reasons for unable to action your request (unless it would be unreasonable for us to do so) and let you know how you may express your concerns about our inaction, should you wish to do so.
Making a complaint
You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting us in writing, by mail or email set out at the end of this privacy statement. We will generally acknowledge your request within 28 days and respond within 8 weeks after your request is made or let you know what the next steps are for resolving your concerns. If we are not able to resolve your concerns, you may wish to contact the Office of the Australian Information Commissioner, who will be able to provide you with information about your other options.
Making contact with us
Phone: +61 (3) 9594 2700
Mail: Director, Monash Health Foundation, Lock Bag 29, Clayton South VIC 3169
If you want to obtain additional information about your privacy rights and how you can enforce them, please contact the Office of the Australian Information Commissioner.