Privacy

Our Privacy Commitment
 
The Hospital Research Foundation (THRF) Group is committed to the protection of personal information collected from its supporters, clients, lottery participants, employees, volunteers and other stakeholders. For information about how we handle your personal information, please see our privacy policy below.
 
Privacy Policy

The Hospital Research Foundation (THRF) Group respects your privacy and takes seriously the trust you place with us when sharing your personal details.

This Privacy Policy sets out how THRF Group manages your personal information and complies with its obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You should read this Policy before providing us with any personal information or using our websites.

We may revise this Policy from time to time. The revised Privacy Policy will take effect when it is posted on our websites.
 
 
What is personal information?
 
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

The types of personal information we collect may include your name, address and contact details, date of birth, credit/debit card or account information, health information and other information about your connection with the causes we support or the services we provide.

We collect personal information from people who are connected to our operations and activities including employees, supporters, donors/fundraisers, researchers/recipients of grant and research funding, lottery participants, recipients of health services, research participants, event and campaign participants, medical and health professionals, health authorities, suppliers, community organisations, volunteers and service providers.
 
How we collect your personal information
 
Where possible, we will collect your personal information directly from you. This may be in person, over the phone, by email or through our websites and other online platforms.

We also obtain personal information from third parties such as contractors (including fundraising and lottery service providers), medical and health professionals, health authorities and community workers. If we collect personal information about you from a third party we will take reasonable steps to ensure that you are aware of the circumstances surrounding the collection.
 
Why we collect your personal information
 
We may collect and hold your personal information for a number of purposes, including:

• Fundraising – to manage our fundraising activities, process donations, purchases and bequests and provide tax receipts.

• Home lottery – to enter you in the draw, contact prize winners, publicise the names of prize winners, notify you about future lotteries and inform you about other services offered and activities undertaken by us that may be of interest to you.

• Marketing – to communicate with you about donations, lotteries, products, services, campaigns, grants, events, surveys and the impact of our work.

• Health services and programs – to provide you with information and health services and programs, and to evaluate and report on these services and programs.

• Research – to conduct research or process grant applications and fund evaluate and report on supported projects, and provide you with information about research initiatives you may be interested in.

• Health promotion – to provide you with information about health and wellbeing, disease risk factors and to seek your support for campaigns and events.

• Volunteering and other support – to enable you to assist us with volunteering, fundraising, community engagement, advocacy and activities or events held or supported by us.

• General purposes – to communicate with you in relation to our operations, activities and objectives, to evaluate and improve our programs and services and to comply with relevant laws.

Health information and other sensitive information
 
When administering our services we may collect your health information and other sensitive information. For example, we may collect medical history information and medical referrals from you if you are being provided with health services or participating in a health or wellbeing program. Your health information is treated as confidential and stored in a secure manner.

We will only collect sensitive information when you have consented or when we are required or authorised by law to collect such information.
 
What happens if you don’t provide your information?
 
If you do not provide some or all of the personal information requested, we may not be able to provide you with the information or services you require.
 
Website use and cookies
 
We collect personal information by tracking your use of our websites (in which case we may collect information about your IP address, location or activity). This information helps us to keep connected with you, through understanding your use of our websites. The information we may collect includes information to enable us to personalise your experience on our websites and to enable us to statistically monitor how you are using our website.

We may also use this information to:

• Conduct marketing and promotional activities;

• Provide information to your browser that we think may be of interest to you; and

• Determine the popularity of certain content.

A cookie does not identify individuals personally, but it does identify devices. You can set your browser to notify you when you receive a cookie, and this will provide you with an opportunity to either accept or reject it in each instance.

Opting out of direct marketing communications

Where we use your personal information to send you marketing or fundraising information by post, email or mobile, we will provide you with an opportunity to opt-out of receiving such information or to change your communication preferences. By electing not to opt-out, we will assume you are consenting to receive similar information and communications from us in the future.

If you do not wish to receive direct marketing communications from us, you can also contact us at:

The Hospital Research Foundation Group
62 Woodville Road, Woodville, Adelaide SA 5011
Telephone:  08 8244 1100
Email:  [email protected]

If you wish to be removed from the database used to send information about our lotteries, please phone Deloitte on 08 8407 7212, email us at [email protected] or follow the opt-out instructions in the emails.

Disclosure of your personal information

We may need to disclose your personal information to others in order to carry out our functions and activities. This may include:

• External advisers and service providers – health care professionals, other professionals, government agencies, health authorities, financial institutions and other community service providers.
• Research grants – administering organisations, and reviewers of grant proposals and project reports.
• Contractors, volunteers and service providers who perform services on our behalf, such as mailing houses, printers, information technology services providers (including cloud computing service providers), consultants and advisers, marketing and fundraising organisations.
• Home lottery service providers including our lottery consultant (SO Asher Consultants Pty Ltd), ticket administrator (Deloitte) and marketing and media consultants engaged to assist us in promoting and administering the home lottery.
  

Your personal information may also be shared with related entities in THRF Group. We do not sell or disclose your personal information to third parties for their marketing purposes.

We will only share your personal information with your consent or where permitted or required under the Privacy Act 1988.

Cross-border disclosures of your personal information

We use data hosting facilities and third-party service providers to assist us with providing our products and services. As a result, your personal information may be transferred to, and stored at, a destination outside Australia such as the United States, European Union and United Kingdom. Personal information of lottery participants is disclosed to service providers located in Canada.

Personal information may also be processed by other third parties operating outside Australia who are engaged by us. We take such steps as are necessary in the circumstances to ensure that any overseas third-party service providers we engage will comply with the Australian Privacy Principles, including through contractual arrangements.

How we store your personal information

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information may be stored on a password protected electronic database, which may be our database, a database maintained by a cloud hosting service provider or other third-party database storage or server provider. Personal information held in databases is accessible only by those persons who need to have access to the information, and is protected by firewalls, the use of encryption and digital certificates.

Research participant data is stored securely and separately, with limited access by approved researchers. This data may be disclosed in a de-identified manner in accordance with research standards and ethics approvals.

Hard copy information is generally stored in our offices, which are monitored and/or secured to prevent entry by unauthorised people. Any personal information that is no longer needed for any purpose will be destroyed or de-identified.

Where personal information is stored with a third party, we have arrangements which require the third party to maintain the security of the information.

Debit card and credit card information

We do not store your debit or credit card information on our systems.  We use accredited payment gateway providers for debit and credit card transactions and may store a secure token provided by the payment gateway. Your transaction information is encrypted on our servers and access to this information is restricted to authorised employees only.

Access to your personal information

You have the right to access your personal information, subject to some exceptions allowed by law. If you would like to access your personal information, please contact our Privacy Officer on the contact details below. For security reasons you will be asked to put your request in writing.

We reserve the right to charge you for our reasonable costs associated with providing the information requested. If we refuse to grant you access to your personal information we will provide you with reasons for that decision.

Updating your personal information

You may ask us to update or correct the personal information we hold about you at any time. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.

If you wish to update your personal information, please contact us on the contact details below.

Privacy queries and complaints

If you have any queries or would like to make a complaint relating to our Privacy Policy or how we collect and handle your personal information, please contact us at:

The Privacy Officer
The Hospital Research Foundation Group
62 Woodville Road, Woodville, Adelaide SA 5011
Telephone:  08 8244 1100
Email:  [email protected]

Any complaints to us relating to privacy should be made in writing. We will endeavour to respond to complaints and queries as soon as practicable.

If you feel that your complaint has not been resolved to your satisfaction you are entitled to make a complaint to the Office of the Australian Information Commissioner at https://www.oaic.gov.au/about-us/contact-us or by phone on 1300 363 992.