General Statement of Policy
Pancare is required to comply with the following laws when collecting, holding, using and disclosing personal information, including sensitive and health information: Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles under the Privacy Act (APPs), the Health Records Act 2001 (Vic) (Health Records Act) and the Health Privacy Principles (HPPs) under the Health Records Act.
Pancare is committed to responsibly managing the information provided to Pancare by individuals, employees, and organisations protecting personal and health information when providing support and advice services to persons with cancer, their families, health professionals, and the community, conducting fundraising and advocacy activities (Services).
A summary is as follows:
- Personal or organisational information will only be collected with prior knowledge and consent.
- Personal or organisational information provided to Pancare will only be used for the purposes for which it was collected, and this information shall not be used for any other purpose without consent.
- Personal or organisational information provided to Pancare shall not be disclosed to a third party or other institutions or authorities without consent, except if required by law or other regulation.
- Personal or organisational information provided shall be kept until it is no longer required, at which time Pancare may decide to destroy the information by shredding or disposal by document security (except where archiving is required).
- The information held on a client or organisation will be up-to-date, relevant, non-obtrusive, and objective.
- Pancare will take reasonable steps to correct inaccurate, incomplete or out-of-date information on a regular basis.
- Pancare has processes in place to securely protect the information under its control from unauthorised access, improper use, and alteration.
What is Personal Information?
Personal information has the meaning given to it in the Privacy Act. In general terms, the legislation defines ‘personal information’ as information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information is true or not and whether the information or opinion is recorded in a material form or not. This may include an individual’s name, address, telephone number, email address and profession or occupation. If the information collected personally identifies an individual, or the individual is reasonably identifiable from it, the information will be considered ‘personal information’.
What is Sensitive Information?
Sensitive information is a subset of personal information which is afforded a higher level of protection under the APPs. This includes information that relates to an individual’s race or ethnic origin, political opinions or memberships of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or union, sexual preferences or practices, criminal record, health information, genetic information that is not otherwise health information about an individual and biometric information. Our collection, use, and disclosure of personal information, including sensitive information, will comply with the APPs and the Privacy Act.
What is Health Information?
Health information is personal information that is also information or an opinion about the physical, mental, or psychological health of an individual, including an illness, disability, or injury of an individual, an individual’s expressed wishes for the future provision of their healthcare, or a health service provided to an individual. Health information also includes personal information that is collected to provide a health service or in connection with the donation of an individual’s body parts, organs, or body substances, or personal information that is genetic information about an individual that is predictive of the individual’s health. Our collection use and disclosure of health information will also comply with the HPPs and the Health Records Act.
Collection of Personal Information
Pancare collects personal information from individuals that we provide services to and who help us provide our services. This includes persons with cancer and their next of kin, employees, donors, recipients of support services, participants in advocacy campaigns, fundraising campaigns, health professionals, suppliers, and volunteers.
Pancare may also collect personal information from third parties such as contractors (including fundraising service providers) who provide services to us and from health professionals and an individual’s next of kin (for example, where an individual has consented or is unable to provide Pancare with their personal information directly or if a waiver has been granted).
The personal information collected depends on the nature of the individual’s relationship with Pancare and the nature of any support services provided. Pancare only collects personal information that is reasonably necessary to perform our functions or activities.
Where reasonably practicable, Pancare will collect personal information directly from you. Pancare may collect personal information in person, through its website, over the telephone, through written and electronic correspondence through hard copy forms (such as feedback forms), and in limited cases, from third parties.
The kinds of personal information we collect may include:
- your name, date of birth, and gender;
- your contact information including address, postcode, email, telephone number and mobile number;
- your details regarding ethnicity, whether you are an Aboriginal or Torres Strait Islander or language spoken at home;
- payment or billing information (including bank account details, credit card details, billing address, and invoice details) for donations; or
- details relating to the services we have supplied you.
We may also collect the following types of personal information from you if you are a person affected by cancer and next of kin:
- your health information and medical history in particular your history with, and relationship to, cancer including the type of cancer you have or your next of kin has suffered, your/their treatments.
How we collect personal information
Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection (such as the purpose for which we are collecting the information and the type of third parties to which it is usually disclosed). We will generally include this information in a collection notice.
Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
What happens if we can’t collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide the requested services to you, either to the same standard or at all.
- we may not be able to provide you with information about services that you may want; or
- we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
Why we collect personal information
We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality of client service.
Client information (Patients and Carers)
Pancare uses clients’ personal information to ascertain their needs and ensure that the correct provision of support services is available to the client. Pancare will only provide data to third parties with consent from the patient.
The information that Pancare holds on our clients constitutes health information and is handled in accordance with the Health Records Act . Information collected will be held for a period of seven years from the last time the person to whom the information relates was provided a service. If the health record is that of someone under the age of eighteen, that information will be held until that person turns twenty-five years of age.
Donors and supporters
Pancare uses personal information for the purposes of processing donations, financial reporting, and contacting individuals about our activities and events where requested.
If a donor has chosen to make a public donation, Pancare may disclose the name and the amount of the donation on the Pancare website for as long as the fundraising campaign continues (variable by campaign). If an individual does not wish to have their information displayed, the individual can choose to make an anonymous donation. Donors may receive correspondence regarding ways to donate to Pancare in the future.
Who we may share your personal information with
Pancare may disclose your personal information, and you consent to Pancare disclosing your personal information, to Pancare’s related bodies corporate and associated entities (as those terms are defined in the Corporations Act 2001 (Cth)).
We may also disclose your personal information, and you consent to us disclosing your personal information, to the following third parties:
- third-party service providers for the purpose of enabling them to provide their services, including (without limitation) those who assist in processing our donations, IT service providers, data storage, web hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors, and payment systems operators.
- our volunteers, contractors, employees, or related entities
- other Australian charities to enable them to send you information about their goods, services, and programs that they consider may be of interest to you.
- sponsors or promoters of any competition we run.
- anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred.
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.
- third parties, including agents or sub-contractors, who assist us in providing information, products, or services to you.
- third parties to collect and process data, such as Google Analytics, Google Optimize, and social media pixels. This may include parties that store data outside of Australia; and
- any other third parties you authorise us to disclose personal information to.
In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant services.
We may also disclose information to provide our services, to respond to legal requirements, enforce our policies, and protect our rights and property.
Use of government-related identifier
We will not:
- use a government-related identifier of an individual (such as a Medicare number or driver’s licence number) as our own identifier of individuals; or
- otherwise use or disclose such a government-related identifier, unless this is permitted by the Privacy Act (for example, use of an identifier to verify an individual’s identity or uses or disclosures required or authorised by or under an Australian law).
How long we keep your information
We will only keep the information we collect about you for as long as required to comply with any legal obligations to which we are subject.
Correction of Personal Information
Pancare takes reasonable steps to ensure that the personal information collected is accurate, up-to-date, and complete.
Pancare will not charge for making a request for access or correcting personal information. If an individual believes that the personal information that Pancare holds about the individual is inaccurate, incomplete, out-of-date, irrelevant, or misleading, the individual may contact Pancare to have the information amended.
Where Pancare is satisfied that the information should be corrected, Pancare will take reasonable steps to correct that information. If Pancare does not agree that the individual’s information needs correcting, Pancare will provide written notice of the decision, including the reasons and our complaint process if the individual is not satisfied with the decision.
Access to Personal Information
Individuals have a right to access the personal information Pancare holds about the individual, subject to certain exceptions. Pancare must verify identity before access can be provided. Under the Privacy Act there are certain circumstances where access cannot be granted, such as if providing access would unreasonably impact on the privacy of others. If Pancare refuses a request, written notice of the decision, including the reasons and a copy of our complaints process will be provided if the individual is not satisfied with the decision.
Securing Personal Information
Pancare will take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes complying with the Payment Card Industry Data Security Standard, which covers security of payment card information.
Personal information may be stored in electronic format on cloud-based platforms. Access is restricted to those within Pancare with authority to access information to carry out their role.
Privacy and the Internet
Protecting information provided via the Internet
Our site uses security-encrypted response forms when personal and financial details are requested. These forms are subject to compliance requirements with Payment Card Industry Data Security Standards (PCI-DSS) as well as privacy principles.
However, it should be noted that no data transmission over the Internet can be guaranteed to be 100% secure, so we cannot give an absolute assurance that the information you provide to us over the Internet will be secure at all times until it is received into our database. Pancare cannot be held responsible for events arising from unauthorised access to your personal information via the web.
This allows us to:
- maintain the continuity of your browsing session (e.g., maintaining a shopping cart);
- remember your details and preferences when you return;
- use Google Analytics to collect information such as demographics and interests, visits to our websites, length of visit and pages viewed; and
- tailor our advertising through advertising networks on other websites.
You can set your browser to notify you when you receive a Cookie, and this will provide you with an opportunity to either accept or reject it in each instance. Please note that if you do this, it may affect some of the functions on our website.
We may also gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our Services. This information does not identify you personally.
Social networking services
We use social networking services such as Twitter, Facebook, and Instagram to engage interactively with you, our stakeholders, and the broader community. Where you have connected or communicated with us using these services (or where we have communicated with you), we may collect personal information about you which is relevant to that engagement (such as your networking name and the content of your comment or action). We will only collect this information for the purposes of facilitating our communications with you, providing customer support, and internally evaluating the effectiveness of our communications strategies.
The social networking services will also handle your personal information for their own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook and Instagram on their websites.
Links to other websites
Pancare may provide links to websites outside of the Pancare service. These linked sites are not under the control of Pancare, and we are not responsible for the conduct of companies linked to our website. Before disclosing your personal information on any other website, we advise you to examine the Terms and Conditions of those websites.
Mandatory Notifiable Data Breaches
We will comply with the notification and other requirements of the Privacy Act where your personal information held by us has been inadvertently lost or disclosed or improperly accessed and that loss, disclosure or access may result in serious harm to you.
Complaints to Pancare Foundation
If you wish to make a complaint about our handling of your personal information, please contact the Privacy Office via our head office number 1300 881 698, or via email at [email protected] . To provide you with an appropriate response, we may need you to provide us with more information about your complaint and to verify your identity. We will investigate your complaint and endeavour to provide you with a response within 30 days of receipt of your complaint. If we cannot respond in the timeframe specified, we will contact you and explain the reason for the delay and give you a new timeframe for our response.
If you are not satisfied that we have resolved your complaint you can request that the matter is escalated to the Chief Executive Officer.
External complaints about personal information
If you are still not satisfied that your complaint has been resolved by us, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) which deals with complaints under the Privacy Act 1988 in relation to personal information. The OAIC can be contacted at:
Telephone number: 1300 363 992
In writing: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW, 2001
External complaints about health information
For complaints about health information that is not covered under the Privacy Act, you can contact the Victorian Health Complaints Commissioner (who deals with complaints about the handling of health information under the Health Records Act), on the following details:
Telephone number: 1300 582 113
In writing: Health Services Commissioner, 26th Floor, 570 Bourke Street, Melbourne VIC 3000