Legal status and privacy policy

About The Royal Children’s Hospital Foundation / Information for donors

The Royal Children’s Hospital Foundation Limited ABN 15 007 143 142 (RCH Foundation) is a public company limited by guarantee. It is also the Trustee for The Royal Children’s Hospital Foundation No. 2 Trust ABN 75 761 829 818 (RCH Foundation No. 2 Trust).  The RCH Foundation is a separate legal entity from The Royal Children’s Hospital.

The RCH Foundation is endorsed by the Australian Tax Office (ATO) as an Item 2 Deductible Gift Recipient, known as an ancillary fund.

RCH Foundation No. 2 Trust is endorsed by the ATO as an Item 1 Deductible Gift Recipient. This means we are eligible to receive funds from Item 2 DGR entities such as philanthropic trusts, foundations and prescribed private funds.

The RCH Foundation holds Tax Charity Concession status. Therefore, all donations of $2 and over are fully tax-deductible.

 

Privacy policy

This is a privacy policy for the RCH Foundation and RCH Foundation No. 2 (‘we’, ‘us’ or ‘our’) and complies with the Privacy Act 1988 (Cth) (including the letter and the spirit of the Australian Privacy Principles (APPs)) and any relevant State or Territory laws in relation to the management of personal information.

This Privacy Policy explains:

  • how we collect personal information from individuals;
  • the steps we take to protect the privacy of personal information we collect, use and disclose;
  • how we may use such information and to whom information may be disclosed; and
  • how individuals can request to access and correct the information we hold, lodge complaints with us in relation to alleged breaches of privacy or to make a query related to privacy.

We expect associated organisations and fundraisers to abide by the practices set out in this Privacy Policy.

 

Legislation

We are required by law to ensure that all personal information pertaining to donors, fundraisers, prospective employee, volunteers, contractor, website and social media visitors remain confidential. We comply with all legislations relating to privacy and confidentiality including:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles;
  • Privacy and Data Protection Act 2014 (Vic); and any other corresponding legislation in other States or Territories.

 

What personal information do we collect?

For the purposes of this policy, ‘personal information’ is information or opinion that identifies an individual or information or opinion which could reasonably identify an individual, regardless of whether the information or opinion is in a material form or not. It may include (but not necessarily be limited to) an individual’s name, contact details and records of the individual’s dealings with us or with our staff.

We do not collect sensitive information, however if you volunteer to provide such information (eg: health information), we will maintain it in accordance with this privacy policy.

We may collect the following information from donors and fundraisers:

  • name;
  • address;
  • email address;
  • telephone number and other contact details;
  • credit card information (as set out below in the credit card information section);
  • details of any donations;
  • device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, IP address and standard web log information;
  • details of our fundraising and grant marking activities we have provided to you or that you have enquired about; and
  • any other personal information that may be required in order to facilitate your dealings with us.

We may also collect the following information from prospective employees, volunteers, and contractors:

  • name;
  • email address;
  • telephone number and other contact details;
  • qualifications;
  • working history; and
  • relevant records checks.

We may also collect the following personal information from visitors of our websites and social media:

  • name;
  • IP address and standard web log information, and
  • details of any fundraising or grant making activities you have enquired about, including any additional information necessary to respond to your enquiries.

 

Credit card information

The RCH Foundation recognises the importance of online payment security. The RCH Foundation website allows you to make a secure online donation via credit card. When you enter your credit card information, we encrypt the data on a secure server operated by us. You can verify the secure status of the donation page by clicking on the padlock icon in your browser.

Your encrypted credit card information is then transferred securely to an online payment system operated by Stripe. Stripe creates a secure connection with your bank and confirms if the payment has been accepted. Stripe privacy policy can be viewed at https://stripe.com/au/privacy.

Although we encrypt your credit card information we do not retain your credit card number. If you choose to make a regular donation, your credit card details will be securely stored by Stripe which will automatically process the donation.

 

Dealing with us anonymously or on a pseudonymous basis

Subject to the following, you may interact and deal with us on an anonymous or pseudonymous basis for the purpose of small cash donations. However, if you choose to interact and to deal with us in this fashion, or you do not provide us with personal information when requested, we may be unable to provide you a donation receipt.  We are unable to accept anonymous electronic donations.

How we collect your personal information

We collect personal information using lawful and fair means and generally only when relevant to our operations and activities.

Donors and fundraisers

  • when you make a donation;
  • when you enquire about fundraising;
  • when you complete a form (either physical or online) or any other document that is used in a contract or transaction between us and you;
  • when you subscribe to receive our e-newsletter;
  • when you contact us via a telephone, email or in-person inquiry or engage in discussion about donations and fundraising; and
  • through communication with us via correspondence, webchats, email, or when you share information with us from other social applications, services or websites.

Prospective employees, volunteers, and contractors

  • when you apply for a job or position with us; or
  • through a recruitment consultant, or
  • through your previous employers and referrers who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract.

The Privacy Act 1988 (Cth) contains permitted health situations and certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of relevant permitted situations and exemptions in the Act.

Visitors of our websites and social media

  • when you access our website; or
  • when you access our social media pages.

Third parties

We endeavour to collect your personal information directly from you, unless it is unreasonable or impracticable for us to do so. In some circumstances we may collect your personal information from other third parties, such as your employer, contracting organisations, or from a publicly available record.

We do not seek to collect personal information about you or your child’s association with The Royal Children’s Hospital, Melbourne (the hospital). We do not obtain any health information from the hospital. On occasions donors give us information about a patient or former patient of the hospital or someone else who inspired their donation. While we value the sentiments involved, in accordance with APP 4.3, we will de-identify or delete the patient information (unless consent has been obtained from the patient or former patient).

On occasions donors deliver their donations and associated personal information to the hospital. While we are related to the hospital, we handle donations instead of the hospital, so both entities interpret such a donation as intended for and given to us.

 

Why do we collect, use and disclose personal information?

As a general principle, and in accordance with our statutory obligations, personal information is only used for the primary purpose(s) for which the information was collected or any secondary purpose that is related to the primary purpose for which you would reasonably expect us to use the collected information or as otherwise permitted by law.

We will take reasonable steps to make you aware of the purpose(s) for which the personal information collected may be used at or before the time of collection.

Donors and fundraisers

  • to seek donations and raise funds;
  • to process transactions and administer accounts;
  • to enable you to access and use any services in connection with our fundraising and grant making activities;
  • to stay in touch and inform you about research, education and fundraising events or activities;
  • to send you marketing, promotional and fundraising messages that may be of interest to you. Please note, we will only use non-health information for marketing, promotional and fundraising purposes; and
  • to comply with our regulatory and statutory obligations.

Prospective employees, volunteers, and contractors

  • to consider your employment application;
  • to comply with our legal obligations; and
  • for record keeping and accounting.

Visitors of our websites and social media

  • to monitor, improve and protect user experience;
  • for record keeping;
  • for compliance with legal obligations; and
  • to generate aggregate statistic using your de-identified data.

 

To whom do we disclose your personal information  

We may disclose personal information for the following purposes:

  • where you have consented to the disclosure and where you would reasonably expect us to disclose your personal information;
  • when required by payment systems operators (e.g. merchants receiving card payments as set out above in the credit card information section);
  • to our employees where the information is directly relevant to their role;
  • to specific third parties authorised by you to receive information held by us;
  • to third party service providers (including providers for the operation of our websites and/or our business or in connection with our fundraising and grant making activities);
  • to our existing or potential agents, business partners (including our telemarketing, in-person and mailing house agents and contractors in order to enable them to perform services under contract with us which may directly or indirectly benefit the individual from whom the information was collected);
  • to other entities, including government agencies and regulatory bodies for the purpose of our compliance with our statutory obligations;
  • to satisfy our legal obligations including court order (such as subpoena), or other governmental order or process to disclose, or where we believe in good faith that the law compels us to so disclose the information.

 

Disclosure of personal information outside Australia

We may disclose personal information outside of Australia in certain limited circumstances for example because certain IT functions are outsourced to an overseas provider or where information is stored on a cloud server located overseas. If we do so, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs, unless:

  • the overseas recipient is subject to laws similar to the APPs and you have a right to take action against the overseas recipient;
  • we reasonably believe the disclosure is necessary or authorised by Australian Law; or
  • the individual has provided express consent to the disclosure.

 

Direct Marketing

Once you have provided us with your personal information we may send you direct marketing communications and information about our programs such as fundraising programs. This may take the form of emails, SMS, mail or other forms of communication, in accordance the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law). You may opt-out of receiving marketing materials from us by sending an email to rch.foundation@rch.org.au or by contacting us. We may also share and obtain your personal information from like-minded organisations (e.g. charities or list suppliers) where we believe you would like to receive direct communications/marketing. If we collected your personal information in these ways, please let us know if you wish to opt out of communications.

We may also market about our fundraising and grant making activities to you generally – including via social media, advertising through our website or through third party websites and other digital or non-digital platforms. We will always do this in accordance with our legal requirements and if we use a third party to do so, we will only do so with our trusted partners.

 

Using our website and cookies

We may collect personal information about you when you use and access our website through various technologies, including ‘cookies’. A ‘cookie’ is a text file our website transmits to your browser which is stored on your computer as an anonymous tag identifying your computer (but not you specially) to allow the server to deliver a page tailored to you. The browser may be configured to disable cookies, but some parts of our website may not function properly (or at all) if cookies are disabled. Where a cookie is linked to your account, it will be considered personal information under the Privacy Act 1988. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

 

Security of your personal information 

We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.

We have typical business processes in place to reasonably protect the security of your personal information, including physical, electronic, and managerial procedures to safeguard and secure the information we collect. Only authorised staff can access your personal information.

The computer system used by the RCH Foundation is located on-site at the hospital and the RCH Foundation in a physically and electronically secure environment. Data is also kept on a software system and stored on a cloud server which is provided under contract by an external commercial organisation. RCH Foundation believes that the contractor is bound, either by law or by contract, with the Australian Privacy Principles.

 

Accessing and correcting personal information we hold about you

You have a right to access and request a correction of the personal information we hold about you by contacting us using the contact information below. Where we receive a request to access or a request for a correction, we will respond within a reasonable period of time (usually 14 days).

Please note that we are entitled, under the relevant law, to charge a reasonable administrative fee to cover our costs incurred in providing access to the personal information we hold about an individual. We also reserve the right to verify the identity of the person making an access request, to ensure that we are not inadvertently disclosing personal information to an individual not entitled to access such information. Furthermore, we reserve the right to redact the information we make available in response to an access request, to protect the privacy of other individuals.

We may from time to time refuse to provide access to the information we hold about an individual, in accordance with the relevant law. Where we refuse access, we will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why.

We take reasonable steps to ensure that the information we collect, hold, use and disclose about an individual is complete, up-to-date and accurate. However, if at any time you believe that personal information we hold about you is incorrect, incomplete, outdated or inaccurate, you have the right to request that we amend such personal information. If we refuse the correction requestion, we will provide written reasons and information about the complaint process should you not be satisfied with our reasons.

You can contact us to request access or update to the personal information we hold about you or change your contact details by sending an email to rch.foundation@rch.org.au or by contacting us.

 

Keeping your personal information up to date

We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect or use it. If you find that the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact us immediately and we will take steps to correct the information.

 

Period of retention

We will not retain the personal information of any person for longer than necessary.

 

Notifiable Data Breaches Scheme

In the event of any unauthorised access or unauthorised disclosure or loss of your personal information that is likely to result in serious harm to you, and where remedial action has not been able to prevent the likely risk of serious harm, we will investigate and notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.

 

Changes to this Policy

This Privacy Policy may change from time to time. Any updated versions of this Privacy Policy will be posted on our websites and will be effective from the date of posting.

 

Addressing your concerns

If you have a query on how your personal information is collected or used, or if you are concerned that we may have breached any requirement of the Australian Privacy Principles or any other legislative requirement applicable to the RCH Foundation, please notify our Privacy Officer by sending an email to rch.foundation@rch.org.au or by contacting us.

We take all complaints and concerns seriously. Our Privacy Officer will investigate your concerns, and respond to you within 14 business days of your concern being received by the RCH Foundation.

If you are not satisfied with the outcome of your complaint, you may write to us seeking an internal review of our decision. Such internal review will be completed by an officer not previously involved in your complaint.

If you still remain dissatisfied following the outcome of our internal review, you may escalate the complaint to the Office of the Australian Information Commissioner and the Office of the Victorian Information Commissioner.

Office of the Australian Information Commissioner
Postal address: GPO Box 5288 Sydney NSW 2001
Phone: 1300 363 992
Email: foi@oaic.gov.au
Website: www.oaic.gov.au

Office of the Victorian Information Commissioner
Postal: PO Box 24274, Melbourne, Victoria 3001
Phone: 1300 006 842
Email: enquiries@ovic.vic.gov.au
Website: www.ovic.vic.gov.au

The OAIC website has links to other state and territory privacy regulators.

 

Whistleblower Policy

The RCH Foundation is committed to supporting people who wish to make a complaint. The RCH Foundation takes issues raised seriously and, will escalate and act on them as a matter of priority. Privacy and confidentiality of information will be a priority in handling complaints.

Section 9.4AAA of the Corporation Act 2001 (Act) provides direction for this policy. People wishing to make a complaint and RCH Foundation employees are supported with the information and guidance contained within this policy

View the Whistleblower Policy here

 

Social media terms of service

The RCH Foundation welcomes contributions to our social media accounts and encourages discussion related to the projects we support, our donors, events and more. To ensure a safe environment for all members of our community, we ask users to abide by these Terms of Service and reserve the right to remove any content we deem inappropriate.

When posting please respect the views of other users and be aware that our accounts are accessed by minors. Accordingly, posts and contributions should be suitable for individuals of all ages.

All material posted by users must comply with the relevant service’s Terms of Use. In addition, users may not post any material that:

  • Is abusive, threatening, discriminatory or defamatory
  • Is unlawful, fraudulent, misleading or malicious
  • Infringes on the intellectual property rights of others
  • Is offensive, obscene or otherwise inappropriate
  • Is entirely off-topic or material that has been excessively reposted by a user
  • Advertises or offers to sell any good or services, contains spam or any other unsolicited commercial message

We reserve the right, in our absolute discretion, to remove, untag and/or report any posts, including those that violate these Terms of Service.

Users who breach these Terms of Service may be blocked from contributing, and the RCH Foundation accept no liability for any loss arising out of or in connection with Users being blocked from the relevant service or the deletion of a User’s content.

Comments and posts on our social media accounts do not necessarily reflect the opinions of the RCH Foundation its employees or affiliates. The RCH Foundation does not endorse this material and is not responsible for its accuracy.