RAATSICC takes your privacy seriously.
- How we collect and handle your personal information
- Who we exchange your personal information with
- How you can access and correct your personal information
For information about the use of RAATSICC websites including disclaimers, warranties and terms and conditions, please contact us.
1.1 RAATSICC ABN 29 076 247 836 (“RAATSICC”, “we”, “our” or “us”) is an Australian registered charity that supports all aspects of lung health. We have a proud history of provide a variety of culturally informed services to children, young people, individuals, families and carers by information sharing and providing tools to promote self determination.
1.2 We respect the privacy of the personal information you may provide to us when we deal with you – for example as volunteers, members, donors, customers, patients, carers, employees and stakeholders. The way we manage your personal information is governed by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) established under the Privacy Act.
Your acknowledgement and consent
Users 16 and under
1.5 If you are aged 16 or under, you must obtain your parent or guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information.
2. What is Personal information?
2.2 Examples of personal information include an individual’s name, address, telephone number and date of birth.
3. Collecting personal information
What kinds of personal information do we collect and hold?
3.1 The types of personal information we may collect include, but are not limited to:
(a) contact details and other details including:
(i) your full name and date of birth, and personal contact details (including your address, landline or mobile telephone numbers, fax number and e-mail address); and
(ii) contact and identification details of any third party that you have authorised to negotiate or provide your personal information on your behalf (including any attorneys appointed by you under a power of attorney or in relation to bequests an Executor of your Estate);
(b) banking and payment details including tax file numbers, ABN, bank account and credit card information, and any other information required for us to sell online products, accept donations and membership fees;
(c) where relevant, your employer details (for example if you participate in workplace giving);
(d) corporate details including your company name, job title and business sector, and any other information required for us to engage in a corporate partnership relationship with you;
(e) volunteering details including your resume, and any other information required for us to approve you as an RAATSICC volunteer;
(f) if you are a health professional, your professional information including but not limited to:
(i) professional accreditation details;
(ii) practice details (including address, contact details and banking information);
(iii) relevant employment history; and
(iv) academic / publication history.
(g) any information required for security and screening purposes (for example your photograph or copy of your Blue Card);
(h) any correspondence between you and RAATSICC; and
(i) any other personal information provided to us when you make an inquiry, request information (including our information packs and information about our related products and services), respond to marketing or lodge a complaint.
3.2 We may also collect sensitive information from you.
3.3 Sensitive information is defined by the Privacy Act to be certain kinds of personal information. Examples of sensitive information that we may collect from you through providing information and other services to you include:
(a) health and medical information – for example: patient or treatment history provided when seeking advice from the RAATSICC Information & Support Centre or participating in disease registries, research programs or clinical trials; and
(b) criminal history, affiliations with any advocacy / political groups (if you are dealing with us on behalf of a particular groups).
How do we collect personal information?
3.5 Where possible, we will always try to collect personal information directly from you – for example when you:
(a) request information, contact or deal with us through our website or Information Support Centre, or contact us by telephone;
(b) correspond with us in writing (such as letters and emails); or
(c) meet with us in person.
3.6 We may also obtain your personal information from third parties we deal with, such as:
(a) any person you authorise to deal with us on your behalf; and
(b) any other organisation with whom we deal.
3.7 Where we collect personal information from third parties you refer to us, we will assume, and you should ensure, that you have made that third party aware of the referral and the purposes of collection, use and disclosure of the relevant personal information.
4. Dealing with us anonymously
4.1 Whenever it is lawful and practicable, you will have the option of not identifying yourself when dealing with us. For example, general access to our website does not, and general telephone queries do not, require you to disclose personal information about yourself.
4.2 However, there are parts of our website where we may need to collect personal information from you for a specific purpose – for example, to provide you with certain information or publications you request, or to process transactions, or for access to specialized forums or training.
5. Why do we collect, hold, use and disclose personal information?
5.1 We collect, use and disclose your personal information to enable us to provide services, products and information to assist individuals and health care professionals in their understanding, involvement with and support of lung disease, and to otherwise carry out our functions and activities.
5.2 In particular, we may collect, use and disclose your personal information in order to:
(a) respond to your requests or inquiries;
(b) provide you with the services, products and information you requested. For example, providing you with information, upcoming event information, promotions or special offers such as sending you a free quarterly newsletter;
(c) enable you to make a donation or purchase a product from us online including:
(i) making a personal donation or a donation on behalf of a company, organisation, community club or school;
(ii) making a bequest; and
(iii) making a donation in memoriam;
(d) enable you to become an RAATSICC member, corporate partner, volunteer, employee or affiliated health care professional, and engaging in a business or other commercial relationship with you;
(e) process your registration for any training courses we provide;
(f) enable you to participate in research initiatives;
(g) enable you to engage in fundraising initiatives and awareness campaigns for RAATSICC;
(h) communicate with you during the course of your relationship with us;
(i) notify you about important changes or developments to our functions, activities, services or our website and improving our customer services (for example, using customer feedback to improve our website’s ease of use and efficiency);
(j) administer, support, improve and develop our organisation and services;
(k) update and maintain our records – for example, account management and administering records of our subscription services;
(l) if you lodge a complaint with us – process and respond to your complaint;
(m) any other purpose which relates to or arises out of requests made by you;
(n) do anything which you authorise or consent to us doing; and
(o) take any action we are required or authorised by law to take.
5.3 RAATSICC will not sell, trade or rent personal information we hold about you to unaffiliated third parties without your prior consent.
6. Disclosing your personal information
6.1 In carrying out our functions and activities set out above, we may disclose your personal information to the following:
(a) our business partners, stakeholder and service providers (such as our sponsors, other health associations, medical bodies, community groups, Federal and State Government bodies, and contractors who may provide website, IT, marketing, administration and other services to support RAATSICC);
(b) our professional advisers (for example, our insurers, auditors, lawyers and consultants);
(c) third parties we engage to carry out promotions or other activities you have requested, or for direct marketing purposes (unless you have opted-out of direct marketing communications);
(d) any entity to whom we are required or authorised by law to disclose your personal information (for example, law enforcement agencies and government and regulatory authorities such as federal and state health departments);
(e) any successors in title to our organization or business trading activities as provided for in the Constitution of RAATSICC; and
(f) other entities with your consent (express or implied).
6.2 The above entities may in turn disclose your personal information to other entities as described in their respective privacy policies or notices.
6.3 To help the Lung Foundation to reach more generous supporters like you, occasionally the Lung Foundation may collaborate with other like-minded charitable organisations on mailings with information that we believe may be of interest to you. These like-minded charitable organisations usually allow us to do the same, and by collaborating like this we can reach more people with vital charitable information.
7. Direct Marketing
7.1 If you consent to your personal information being used for direct marketing, we may use your personal information to provide you with information about products, fundraising activities, services and promotions.
7.2 If you do not wish to receive such information, you can opt-out at any stage. If you decide to opt-out, you will be removed from RAATSICC’s marketing database to ensure that you do not receive future direct marketing material.
7.3 There may be times, however, when the law requires us to provide certain information to you (for example health and safety information). We will continue to send this information to you.
8. Overseas disclosure of personal information
8.1 From time to time, RAATSICC may engage service providers located in one or more overseas countries to perform certain of our functions and activities. In the course of providing services to RAATSICC, we may need to disclose your personal information to these service providers. If overseas service providers are engaged and personal information is sent overseas, we will take reasonable steps to ensure that our service providers are carefully chosen and have policies, procedures and systems in place to ensure your personal information is otherwise handled in accordance with the Privacy Act.
9. Dealing with us online
9.2 When you visit our website, we and/or our contractors may collect certain information about your visit. Examples of such information may include:
(b) Site visit information
We also collect general information about your visit to our website. The information we collect is not used to personally identify you, but instead may include your server address, the date and time of your visit, the pages you accessed and the type of internet browser you use. This information is aggregated and used for the purposes of system administration, to prepare statistics on the use of our website and to improve our website’s content.
(c) Online payment systems
We use third party payment process providers whose services meet stringent security requirements including Level 1 PCI DSS compliance, EMV certification and ISO 9002 accreditation. When you enter your payment details online, you are using a secure site which uses 1024 bite tunnelling encryption to protect your information during transmission. Transactions are protected by encryption technology and a combination of firewalls and intrusion detection systems.
(d) Login information
Some functions of the website and other online tools are subject to specific login credentials before access is granted. This may include forums and health professional related information. We may also collect personal information (including financial details) to facilitate future visits or use of our website (for example: payment details for repeated online shopping).
We seek to keep current with available security encryption technology so as to maintain the effectiveness of our security systems.
9.3 However, no transmission over the internet can be guaranteed as totally secure and accordingly, we cannot warrant or ensure the security of any information you provide to us over the internet. Please note that you transmit information at your own risk.
10. Social media
11. Personal information storage and security arrangements
11.1 We take reasonable steps to protect your personal information from interference, loss, misuse, unauthorised access, modification or disclosure. We may store your personal information in different forms, including in hardcopy and electronic form. We have established policies, procedures and systems to keep your personal information secure – including but not limited to password protection and securing physical storage arrangements.
11.2 When we no longer require your personal information, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner. However, we may sometimes be required by law to retain certain personal information.
12. Accessing and correcting your personal information
Correcting your personal information
12.1 So that we can carry out our activities and functions, it is important that the personal information we hold about you is complete, accurate and up to date. At any time while we hold your personal information, we may request that you inform us of any changes to your personal information. Alternatively, if you believe that any of the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading or needs to be corrected or updated, please contact us using our Contact Details below . We will respond to a request to correct your personal information within a reasonable time.
12.2 If we refuse to correct your personal information, you may request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Accessing your personal information
12.3 You may also request access to the personal information we hold about you by contacting us using our Contact Details provided below. We will respond to a request for access within a reasonable time – either by giving you access to the personal information requested, or by notifying you of our refusal to give access.
Access and correction arrangements generally
12.4 We may require you to submit your requests in writing and require that you verify your identity before we respond to any request.
12.5 We will not charge you an application fee for making a request to access the personal information we hold about you or for requesting any correction to your personal information.
12.6 However, in certain circumstances we may charge you a fee for providing you with access to your personal information, for example if you make multiple request for information, the information requested is voluminous or we incur third party costs in providing you with access to your personal information.
12.7 If we cannot respond to you within a reasonable time (generally within 30 days), we will contact you and provide a reason for the delay and an expected timeframe for finalising your request.
12.8 Please note that in certain circumstances, we are permitted by law to refuse to provide you with access to your personal information.
12.9 If we decide not to provide you with access to or correct your personal information, we will provide you with written reasons for our decision and advise you of the further complaint mechanisms available to you.
13. Lodging a complaint
13.1 If you have a complaint about how we handled your personal information or about any decision to refuse access or correction of your personal information, please contact us using the Contact Details below. We will request that you lodge your complaint in writing.
13.2 We will acknowledge receipt of your complaint as soon as possible after receiving your written complaint. We will then investigate the circumstances of your complaint and provide you with a response within a reasonable timeframe.
13.3 If you are still not satisfied with how your complaint is handled by us, then you may lodge a formal complaint with the Office of the Australian Information Commissioner at:
(a) Telephone: 1300 363 992 (if calling from outside Australia including Norfolk Island please call: +61 2 9284 9749)
(b) National Relay Service:
(i) TTY users phone 133 677 then ask for 1300 363 992
(ii) Speak and Listen users phone 1300 555 727 then ask for 1300 363 992
(iii)Internet relay users connect to the National Relay Service then ask for 1300 363 992
(c) Post: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
(d) Fax: +61 2 9284 9666
(e) Email: email@example.com
(f) Website: http://www.oaic.gov.au/privacy/making-a-privacy-complaint
14. Our Contact details
14.2 You may contact us on:
(a) Telephone: (07) 4030 0900 and ask for the General Manager – RAATSICC.
(b) Post: General Manager – RAATSICC, 124 Spence Street Cairns Qld 4870
(c) Email: firstname.lastname@example.org
(d) Website: https://raatsicc.org.au/privacy-policy/
15. NOTIFIABLE DATA BREACHES
15.1 The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires RAATSICC to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. RAATSICC will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See www.oaic.gov.au for further information.