What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The types of personal information Asthma Australia may collect includes;
- name, address and phone numbers
- age and dates of birth
- email address
- bank account or credit card details (for donors)
- employment details
- health information on asthma and related medical conditions
- language and cultural diversity information
- disability status
- schooling level
Some of these details are required to be collected due to program funding arrangements, or by law, for example;the Registered Training Organisation of Asthma Australia (Provider #4987) is required under the Standards for Registered Training Organisations (RTO) to collect Australian Vocational Education and Training Management Information Statistical Standard (AVETMISS Data) for any student undertaking nationally accredited training. The RTO is also required to collect a Unique Student Identifier (USI) from each student.
Whose personal information do we collect?
Asthma Australia collects personal information from people who are connected to our operations and activities – including employees, donors, research study participants, recipients of support services, participants in advocacy campaigns or health promotion projects, health professionals, suppliers, volunteers, students and service providers.
How do we collect your personal information?
Where possible, Asthma Australia will collect your personal information directly from you. This may be in person (for example, where you purchase a retail product in-store or attend an event or training session), on the telephone (for example, if you contact 1800 Asthma) or online (for example, if you sign up to receive information through Asthma Assist or attend a training session).
Asthma Australia also obtains personal information from third parties such as contractors (including third-party training providers), list vendors and health professionals. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, Asthma Australia will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.
Why do we collect your personal information?
Asthma Australia may collect your personal information for several purposes, including:
- Marketing: to communicate with you about donations, fundraising, products, services, campaigns, causes and events
- Support services: to provide you with information and support services, and to evaluate and report on these services
- Research: to conduct and/or fund research into asthma
- Health promotion: to provide you with information about asthma risk factors, such as high pollen count / pollution days, linked conditions, and to seek your support for campaigns
- Volunteering and other support: to enable you to assist us with volunteering, community fundraising, advocacy and other activities where we seek the community’s assistance
- Other issues: communicating with you in relation to our operations, activities and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.
Where Asthma Australia collects your personal information for a specific purpose not outlined above, we will provide you with a collection notice which explains the primary purpose and any related secondary purposes for which we are collecting your personal information.
Health information and other sensitive information
As part of administering our services, Asthma Australia may collect health information and other sensitive information. For example, we may collect medical history information from you, if you are participating in a health program. Asthma Australia will limit the collection of sensitive information to the minimum amount required to perform our services.
Asthma Australia may collect your health information for several purposes, including:
- to provide services or to carry out Asthma Australia functions;
- to assist Asthma Australia and its employees, volunteers and subcontractors to fulfill its duty of care to our service users;
- to plan, fund, monitor and evaluate services and functions including research programs;
- to comply with Department of Health and other funding bodies reporting requirements; and
- to investigate incidents with relation to service users and/or defend any legal claims against the service, or its employees.
What happens if you don’t provide all this information?
If you do not provide some or all the personal information requested, Asthma Australia may not be able to offer you services or provide you with information about our causes, events, programs and projects.
Using a pseudonym or engaging with us anonymously
Where practicable, you will be given the opportunity to engage with us on an anonymous basis, or using a pseudonym.
Website usage information and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
We use Google Analytics features based on Remarketing, Google Analytics Demographics, and Interest Reporting. These features use first-party and third-party cookies to inform and optimise content based on your past visits to our site.
We also use pixel tracking, which indicates when your computer has visited pages on our websites where a pixel has been installed. As with cookies, this does not identify you personally, only the device you are using.
Google Analytics informs us of how visitors use our site based on your browsing habits, so that we can improve our site to make it easier for you to find the information you are seeking. Google also receives this information as you browse our site and other websites on the Google Display Network using Remarketing.
If you would like to opt-out of customised Google Display Network services and Google Analytics for Display Advertising you can use Ad Settings. You can also use the Google Analytics Optout Browser Addon so you are not tracked into Google Analytics.
Opting out of direct marketing communications
Where Asthma Australia uses your personal information to send you marketing and promotional information by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information. By electing not to opt-out, Asthma Australia will assume we have your implied consent to receive similar information and communications in the future. Asthma Australia will always ensure that our opt-out notices are clear, conspicuous and easy to take up.
If you do not wish to receive direct marketing communications from Asthma Australia, please contact us at Asthma Australia, Level 13, Tower B, 799 Pacific Highway, Chatswood NSW 2067, Phone: 02 9906 3233 and email:firstname.lastname@example.org
Who does Asthma Australia disclose your personal information to?
Asthma Australia may need to disclose your personal information to others in order to carry out our activities. This may include:
- External support services: to health care professionals, lawyers, other professionals, counsellors, funders, financiers, co-ordinators, volunteers, service providers, agencies and not-for-profits that provide support services.
- Researchers to conduct research studies to the causes of asthma, as well as diagnosis, treatment and cures.
- Contractors and service providers who perform services on our behalf, such as mailing houses, printers, information technology services providers (including offshore cloud computing service providers), database contractors.
- Program evaluators, in line with program requirements or needs.
- State based Foundations where information is collected from people living in Western Australia and Northern Territory
- Government agencies including enforcement agencies where a statutory requirement to report certain matters arises during the collection of personal information.
Wherever Asthma Australia proposes to disclose your personal information to a third party not outlined above, Asthma Australia will contact you with a collection notice which explains the circumstances in which we might disclose your personal information.
Where personal information stored
Asthma Australia takes all reasonable steps to protect all of the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will be stored on a password protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.
Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years.
Where personal information is stored with a third party, Asthma Australia has arrangements which require those third parties to maintain the security of the information. Asthma Australia takes reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Your direct debit or credit cards
Asthma Australia uses Secure Socket Layer (SSL) certificates which is the industry standard for encrypting your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.
Asthma Australia is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our alignment with this standard is reflected in the people, technologies and processes we employ.
Access to your personal information
Asthma Australia will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, Asthma Australia requests that you identify, as clearly as possible, the type(s) of information requested. Asthma Australia will deal with your request to provide access to your personal information within 30 days and you agree that we may charge you our reasonable costs incurred in supplying you with access to this information.
Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances such as where:
- access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
- access would have an unreasonable impact on the privacy of other individuals
- the request is frivolous or vexatious
- denying access is required or authorised by law or a court or tribunal order
- access would be unlawful, or
- access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.
If Asthma Australia refuses to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.
Updating your personal information
You may ask us to update, correct or delete the personal information we hold about you at any time. Asthma Australia will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. Asthma Australia also has obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out- of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
If you require access to, or wish to update your personal information, please contact us at Asthma Australia, Level 13, Tower B, 799 Pacific Highway, Chatswood NSW 2067, Phone: 02 9906 3233 and email: email@example.com
Notifiable Data Breaches
The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Asthma Australia to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Asthma Australia will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See www.oaic.gov.au/ for further information