Login
Login

Privacy Policy

Our ongoing commitment

Introduction

Sydney Children's Hospitals Foundation Limited (ACN 003 073 185) (the Foundation) values your privacy.  

This privacy policy sets out the Foundation's practices in relation to the collection use, storage, and disclosure of personal information. The Foundation adheres to the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW) in handling personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website, and we may also notify you of significant changes via email or other appropriate means. 

What information do we collect and why?

By donating to the Foundation or otherwise providing your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. You may withdraw your consent at any time by contacting our Privacy Officer.  

The Foundation collects personal information from employees, donors, supporters, volunteers, patients, and other contacts that is necessary for us to perform our functions.   

Generally, we collect information directly from the relevant individual. Sometimes, we may need to collect information about an individual from third parties including parents, carers, guardians, or other third-party information sources. We will do this if the individual has consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from the individual.  

The types of personal information we collect, and the purpose of collecting that information varies depending on the context. We have included an overview of the types of personal information we collect, and for what purposes, for a range of circumstances below.

Unsolicited Personal Information

If you provide personal information that SCHF has not requested and which could not have been lawfully collected if solicited, the Foundation will destroy or de-identify the information as soon as practicable, in line with the Australian Privacy Principles. If the information could have been lawfully collected, it will be managed per this Privacy Policy.

Anonymity

Where practicable, you will have the opportunity to engage with the Foundation anonymously or using a pseudonym. If you request not to be identified, and the Foundation does not require personal information to provide services or fulfill your request, personal information will not be collected. The Foundation will accommodate such requests where lawful, possible, and practical.

Donors/Fundraisers

When you donate, including via this website, in person, over the phone, by direct deposit, via email, by post, or through our fundraising personnel or volunteers as part of any of our fundraising events or activities or at our offices, we collect and store a range of information in our database. We use this information to process your donation, complete your tax receipt, and send you further information about the Foundation for promotional purposes. This information also allows us to develop a personalised experience for donors. The personal information we collect includes: 

  • contact details such as your name, phone number, address, email address,  
  • demographic information such as date of birth,  
  • payment and billing details (including credit card details if relevant), and  
  • other information relevant to your donation and ongoing relationship with The Foundation.

On some occasions, this information may include health or other sensitive information, which we will only collect with your consent. For example, we may ask you if you or your family members have been treated by a service within the Sydney Children's Hospitals Network previously, or we may collect details related to your health or other sensitive information so we can ensure we understand your needs as a donor. 

In some instances, we may seek further contextual information to better understand and be sensitive to the circumstances and needs of large-scale donor relationships. This may include accessing news or media articles, or publicly available information on social media platforms.

Supporters and volunteers

The Foundation may also collect supporters' and volunteers' names, phone numbers, addresses, email addresses, demographic information such as date of birth, and other contact information, records of communication between them and the Foundation and other personal information about our current and potential supporters and volunteers so that we can encourage, record, and acknowledge their support and communicate with them about the Foundation and our activities.

Patients

The Foundation may receive or request details about individual patients, such as their name, age and with the patient’s consent, their medical condition, medical treatment, and medical history. We may use this information for media purposes and will communicate directly with patients and their families for this purpose. All patient information received and collected by the Foundation will be treated in the strictest confidence and will not be made public or distributed to the media without prior consent from the patient.

Distributing publications

When individuals contact or interact with us, we collect personal information so that we can distribute newsletters and other communications in print and electronic form. This information includes contact details such as name, phone number, address, email address, and other relevant information. Recipients may choose to no longer receive communications from the Foundation by contacting our Privacy Officer using the contact details at the end of this privacy policy.

Conducting events

We collect personal information about patients and their family members, donors, volunteers, and other supporters who wish to join or participate in our events and other programs we conduct. The types of personal information we collect includes contact details, donation history and, in some cases, other personal information such as photographs and videos. We use this information to organise, promote, and seek support for these events, and overall to support the fundraising activities of the Foundation. With consent and where relevant, we sometimes also collect health information or other sensitive information.

Applying for a position (as a volunteer or employee) with the Foundation

If you apply for a position with the Foundation, we collect your personal information to assess your suitability for that position, and if successful, for ongoing employment purposes. The information we collect includes name, contact details, and information about your working history or other relevant details you may share with us. Depending on the position, we require candidates to undergo relevant employment-related checks (including criminal and working with children checks), which will require additional personal information to be collected by the Foundation as well as a third-party record check provider. With your consent, this information may include information or an opinion about your criminal record or other sensitive information.

Suppliers

The Foundation collects personal information about suppliers, including individuals who are employed by our suppliers (including service and content providers), contractors and agents for our general business operations.

When you contact us or visit our website

If you contact us or make an enquiry (including when you call us by phone, message us on social media, or write to us), you may choose to provide us with your name or other contact details so that we can respond to your requests, or to provide our newsletter or other information about the Foundation's services or operations. Provision of your personal details is the most effective method for the Foundation to communicate with you, and to assist in the efficient delivery of services.  

The Foundation's website may use website tracking pixels and cookies to collect statistics on visitor traffic and to understand how people use our websites. We do not collect personally identifying information, the patterns of usage of visitors to the website may be tracked for the purposes of providing improved service and content based on an aggregate or statistical review of user site traffic patterns.  
  
The Foundation’s website may also use Google Analytics features which allow us to tailor our marketing to better suit your needs. If you prefer not to allow this, you may be able to adjust your browser to turn off the use of “cookies” or notify you when they are being used. However, if you disable cookies, you may not be able to access certain areas or take advantage of certain features of the Foundation’s website; for example, you may need to re-enter your personal information each time that you attempt to access information. You can also opt out of programs like Google Analytics if you wish, by using the following tool: https://tools.google.com/dlpage/gaoptout/

Cookies

Our website uses cookies to enhance your browsing experience, provide personalised content, and improve our services. Cookies are small text files stored on your device when you visit a website, helping us recognise your device, track preferences, and analyse usage to improve functionality and content. We use both first-party cookies, which are essential for the site’s functionality and do not collect personal data, and third-party cookies, which help us understand website performance, offer relevant content, and maintain security. 

You can manage your cookie preferences at any time, either through our cookie consent banner or your browser’s settings. Disabling cookies may affect your experience on our website. For guidance on managing cookies in common browsers, you can refer to Chrome, Safari, Firefox, or Microsoft Edge.

For more information, please read our full Cookies Policy.

Credit Card Data

We collect credit card information to process donation payments. Any credit card transactions information processed via our database is not stored by the Foundation, but with a contracted cloud-based third-party storage provider. Credit card transaction data for recurring donations are stored tokenised in a secure payment gateway that is PCI-DSS compliant. Any manual forms returned to the Foundation with credit card details on them are masked and stored securely.

Donors using Amex Cards may have your personal information, transaction data and other information provided to American Express Australia Ltd ABN 92 108 952 085 and its affiliates, agents, subcontractors, and employees in the course of delivering the Services. Amex will collect, hold and use the Personal Information and transaction data in accordance with Amex’s privacy policy.

How do we share your personal information?

In some instances, we may provide the personal information we hold to third parties. We engage a variety of suppliers, service providers, contractors, and partners to support the activities and functions of the Foundation. These may include information technology service providers, direct marketing agencies, banks, credit card companies, and recruitment agencies.

Examples of this sharing may involve providing personal information to contractors and service providers located outside of Australia, including New Zealand, United States, Japan, China, Hong Kong, the United Kingdom, and Canada. While the privacy laws in these countries may not offer the same level of protection as Australian Privacy Laws, we take all reasonable steps to ensure that overseas recipients of personal information handle the information in accordance with the Australian Privacy Principles outlined in the Privacy Act.

To further ensure data security, we utilise a robust definition of “provision,” which includes a thorough vetting process for any suppliers we engage. We have established a Data Steering Committee that approves all suppliers, ensuring that checks are conducted before selecting any third party to handle personal information. Additionally, we require contractors and service providers to comply with our security guidelines and sign our Supplier Privacy Agreements prior to commencing any work, ensuring their adherence to the Privacy Act.

We may also disclose the personal information of patients to their family members or guardians for the purpose of discussing their experiences with the Sydney Children's Hospitals Network. This is done only with the patients’ consent and may involve sharing their stories through our publications, including our website, or for other fundraising activities. With the patient's permission, we may also send their stories to third parties to help promote their fundraising efforts for the Foundation. Please note that any personal information disclosed via our website may include recipients accessing our site from countries outside of Australia.

Who may act on a patient’s behalf?

The following responsible persons may, depending on the circumstances of a patient, be treated as being able to act on a patient's behalf for the purposes of this privacy policy and the collection, use and disclosure of personal information:

  • a guardian, parent, carer, or other person responsible for the care of the patient.  
  • someone with a general power of attorney or a power of attorney which includes health-related power.  
  • a person recognised under a law as responsible for any aspect of the care or welfare of the patient which is relevant to something the Foundation does or intends to do; and  
  • a person nominated in writing by the patient while the patient is capable of giving consent.

How secure is your personal information? 

SCHF commits to preserving the security of your personal information and this extends to our storage protocols with our trusted third-party provider. We implement a combination of physical and electronic security measures, incorporating robust password protections and firewalls to uphold the confidentiality and integrity of your data. However, it's imperative to recognise that despite our meticulous precautions in electronic transmission protection, the internet inherently carries security risks beyond our direct control. Nevertheless, be assured that we persistently endeavour to mitigate these risks, remaining vigilant in our commitment to upholding the utmost standards of data security. In the event of any security breach, we pledge to promptly address and resolve the matter while maintaining transparency with our supporters.

Transaction Security

Only authorised SCHF staff members are permitted to input transactions into our Customer Relationship Management (CRM) system via Ezidebit. This ensures that sensitive financial data is handled securely and exclusively by designated personnel.  

Credit Card Handling

All credit card details recorded on donation forms are securely stored in a locked location. Once entered into our system, credit card information is promptly obscured on the form to prevent unauthorised access.

CVV Protection

To bolster security, Card Verification Values (CVVs) are not captured or documented on any donation forms. This information is never stored or transmitted, ensuring the highest level of safeguarding for donors' financial data.

Password Protection

Access to our CRM system is safeguarded by individual passwords, and it is strictly prohibited to share these credentials with others. Each staff member bears the responsibility of safeguarding their password to uphold the integrity and security of our data.

Accessing and correcting your personal information 

You generally have the right to access the personal information we hold about you. The Foundation will manage requests for access to personal information in accordance with the Privacy Act and the Health Records Information Privacy Act (HRIP Act). To request access to your personal information, please contact our Privacy Officer using the contact details provided at the end of this privacy policy.  

When you request access, we may need to verify your identity. If you would like a copy of the personal information we hold about you, please submit your request in writing to our Privacy Officer at the address listed below. Please note that it may take some time for us to consider and respond to your request for access.  

If we are unable to provide you with access to your personal information or cannot fulfill your request in the manner you specified, we will issue a written notice outlining the reasons for our refusal, unless it would be unreasonable for us to do so.  

If you believe that the personal information, we hold about you is inaccurate, incomplete, or out of date, you can contact our Privacy Officer using the contact details provided below to request a correction. In most cases, we will amend any inaccuracies or incomplete information. If we cannot correct your personal information as requested, we will inform you of our reasons for denying your request, unless it would be unreasonable for us to do so. Additionally, we will provide information on how you may lodge a complaint regarding our decision, should you choose to do so.  

Making a complaint 

You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act or the HRIP Act, by contacting our Privacy Officer in writing, by mail or email set out at the end of this privacy policy. We will generally acknowledge your request within 14 days and respond within 30 days after your request is made or let you know what the next steps are for resolving your complaint. If we are not able to resolve your complaint, you may wish to contact the Office of the Australian Information Commissioner (whose contact details are set out below), who will be able to provide you with information about your other options.

Data Breach Response 

In the event of a data breach involving personal information, we have procedures in place to promptly assess and mitigate the breach, notify affected individuals where required by law, and take steps to prevent similar incidents in the future.

Contacting us 

If you would like to access or correct your personal information held by us, or wish to make a complaint about the way we have collected, used, held, or disclosed your personal information, please contact our Privacy Officer:  
  
Phone: 1800 770 122  
Email: info@schf.org.au  
Mail: Privacy Officer, Sydney Children's Hospitals Foundation, Locked Bag 9002, WESTMEAD NSW 2145  

If you want to obtain additional information about your privacy rights and how you can enforce them, please contact the Office of the Australian Information Commissioner.