1. PURPOSE
The Fred Hollows Foundation (The Foundation) is committed to promoting and adhering to the highest standards of protection and accountability in its governance and operations to ensure the protection and privacy of Personal Information and personal data, both within the organisation and under its projects and programs.
The Foundation has governance and management systems and processes directed towards reinforcing its commitment under this policy. The measures put in place by The Foundation in this area are complemented by the initiatives it is undertaking to continually improve its operational effectiveness and further strengthen its governance, internal control, security, information protection and risk management practices.
2. BACKGROUND
This policy outlines how The Foundation will comply with our global standard, based in Australian law. The Privacy Act 1988 (Cth) (Privacy Act) is an Australian law which regulates the handling of Personal Information about individuals. Similar protections exist under other laws applicable within the jurisdictions in which The Foundation operates such as the General Data Protection Regulation in the European Union.
The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of Personal Information (including Sensitive Information).
We make sure we comply with all our obligations and responsibilities under all relevant privacy laws in all jurisdictions and entities, whenever we handle Personal Information.
3. DEFINITIONS
Personal Information - is any information or opinion that can identify or be used to identify an individual or is Sensitive Information that has been de-identified. The Foundation collects Personal Information about you where it is reasonably necessary for us to perform one or more of our functions or activities.
Sensitive Information - is a subset of Personal Information and includes information or an opinion about an individual's racial or ethnic origin, political opinion, religious beliefs, philosophical beliefs, sexual orientation or criminal record, financial details, and genetic information or health information (being any personal information about an individual’s health or disability). By providing health or other Sensitive Information to The Foundation, an individual consents to The Foundation collecting this information and using and disclosing it for the purposes set out in this Privacy Policy.
4. COMMITMENTS UNDER THIS POLICY
4.1 Collection of Personal Information
Most of the time, and where reasonable and practicable to do so, Personal Information will be collected directly from individuals, particularly where that Personal Information may include Sensitive Information.
From time to time Personal Information may be obtained by us from third parties, such as third party health provider partners, our donors, supporters, volunteers, contractors, visitors to our field programs, and other individuals for various business and other purposes further listed in section 4.2. In these circumstances, The Foundation will take reasonable and practicable steps at or before the time of collection (or as soon as practicable after collection) to notify the individual, or otherwise to ensure they are aware, that Personal Information has been collected and the circumstances of the collection, in accordance with all relevant privacy law in Australia.
The types of Personal Information The Foundation will collect from you will depend on the circumstances in which that information is collected. It may include:
- contact details (i.e. your name, address, email, phone and facsimile details);
- information about your employment (e.g. place of work, position, authority to transact with us, etc.);
- information required as part of a recruitment process;
- statistical information regarding the use of The Foundation's website/s;
- health or other Sensitive Information, such as information about an individual’s eye health; and
- financial information including bank account or credit card details needed to process donations or make payments to suppliers and partners.
- Location information via our fundraising app for Fred’s Big Run event, developed by our partner Funraisin (Made with Ed)
If you do not provide us with the information we request, we may not be able to fulfil the applicable purpose of collection, such as to receive your donation.
4.2 Use of Personal Information
The purposes and uses of collected Personal Information may include:
- processing donations;
- communicating with supporters, donors and partner organisations;
- recruiting and managing staff, contractors or volunteers;
- conducting marketing activities;
- monitoring and evaluating our programs;
- conducting research and evaluation;
- promoting eye health and related products and services;
- conducting or supporting eye health screening or intervention activities; and
- enabling other activities and functions of The Foundation.
The Foundation may use your Personal Information for the purposes of direct marketing, for example in relation to products and/or services The Foundation may offer from time to time, or telemarketing communications where we have your consent or we are otherwise permitted by law to do so. If at any time you do not want to receive further direct marketing messages or communications from The Foundation, please contact The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or donations@hollows.org or 1800 352 352. Please allow at least 7 days to process your request.
If there is a need to use Personal Information for any other purpose not set out in this Privacy Policy, The Foundation will only use Personal Information for a purpose other than for which it was collected or a related purpose if you have consented to such different use or where The Foundation may otherwise be reasonably expected to do so.
The Foundation does not sell Personal Information to third parties and, except as provided for in this Privacy Policy, does not make Personal Information available to third parties.
We also collect and process location information when you sign up for and use The Foundation’s event app for Fred’s Big Run. We do not track your device location while you are not using the app, but in order to provide core services of the application, it is necessary for us to track your device location while in use. This includes while the app is open, minimised in the background and open while the device is locked. If you would like to stop the device location tracking, you may do so at any time by adjusting your device settings.
4.3 Retention of Personal Information
Subject to retention requirements for health information outlined below, The Foundation will only keep Personal Information for as long as it is needed for any purpose for which it was collected, or otherwise if it is part of a Commonwealth record or is required to be retained under Australian law or by a court or tribunal.
In accordance with the State-based health information protection laws, there is a requirement in certain circumstances to retain health information for 7 years after the last occasion on which a health service was provided to an individual, except where the information was collected while the individual was under 18 (in which case, the records will be kept until the individual has reached 25 years of age).
Personal Information collected for research and evaluation activities will be retained according to the periods specified in the project proposal and relevant law. In general, the minimum retention period is five years post-publication.
Where possible, all Personal Information which is no longer needed or required by law to be retained will be properly de-identified or destroyed.
4.4 Disclosure of Personal Information
Personal Information will be used and disclosed for the purposes described in the Use of Personal Information section above. Although The Foundation generally does not disclose Personal Information to other organisations, this may be done upon the receipt of your consent, or if it is required or authorised by law (including in emergency situations or to assist law enforcement), or if it is believed it is reasonably necessary to conduct the functions and activities of The Foundation.
The Foundation uses a range of suppliers, service providers, contractors and partners to whom your Personal Information may be disclosed to enable the activities and functions of The Foundation. They may include information technology service providers, health provider partners, suppliers of healthcare products and services, direct marketing service providers, banks, credit card companies, recruitment agencies, professional advisers and insurers.
This means that organisations and individuals other than The Foundation may access and use Personal Information held by The Foundation. The Foundation’s standard practice is to require these third party providers, through our agreements with them, to comply with our security guidelines, this Privacy Policy and all relevant privacy laws in Australia.
4.5 Disclosure of Personal Information outside Australia
We are an international organisation with information sharing between our global offices and our health provider partners. This means that it is possible your Personal Information, including health and other Sensitive Information, may be shared with our offices and our health provider partners based outside Australia. You can find a list of the countries in which we work on our website: https://www.hollows.org/au/where-we-work. The Foundation also has offices in the United Kingdom, United States, Hong Kong and United Arab Emirates for the purposes of fundraising and advocacy and a social enterprise based in Singapore.
We also engage external contractors who provide services to The Foundation who are bound by privacy legislation and laws where they are located. It is our standard practice to require these external contractors by written agreement with The Foundation to comply with our security guidelines and this Privacy Policy. Some of these external contractors are located or have information handling facilities outside Australia, including Singapore and the United States.
You consent to us disclosing your Personal Information and other Sensitive Information outside Australia for the purposes set out in this Privacy Policy. The privacy laws of countries outside Australia may not provide the same level of protection as the Australian privacy laws. Please understand that by giving us this consent, we will not be accountable and you will not be able to seek redress under the Australian Privacy Act, the Australian Privacy Principles or any other relevant privacy laws in Australia if the overseas recipient handles your information in breach of any relevant privacy laws. You may also not be able to seek redress in the overseas jurisdiction if there is a breach of your privacy. However, your consent does not in any way lessen our commitment, and the measures we take, to protect and secure your Personal Information and Sensitive Information.
4.6 Security of Personal Information
All reasonable steps are taken to ensure the security of Personal Information by storing it in a secure environment, and to keep this information accurate, up to date and complete. If third party providers are used in connection with the storage of Personal Information it is standard practice to require these third party providers, through agreements with them, to comply with The Foundation’s security guidelines and this Privacy Policy. The Foundation requires our employees, contractors and third party service providers to respect and protect the confidentiality of Personal Information held.
The Foundation uses best practice security standards to protect unauthorised access to, loss or misuse of and/or alteration to Personal Information under The Foundation’s control. This includes the use of firewalls, anti-virus software, Transport Layer Security (TLS – the modern equivalent of the old SSL) encryption (minimum 256-bit) on data transfers, and the latest certificates to protect all websites.
However, because of the nature of the internet, security of Personal Information cannot be guaranteed. All unencrypted information exchanged via the internet may be accessed and used by people other than those for whom it is intended.
4.7 Access or corrections to your Personal Information
All reasonable steps are taken to ensure that Personal Information collected, held, used, disclosed, stored and handled is complete, accurate, relevant and up-to-date.
Access to, corrections or removal of Personal Information, may be requested by contacting the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or donations@hollows.org or 1800 352 352. Verification of your identity will be sought before disclosing any Personal Information.
Requests will be responded to within a reasonable period of time unless it is unreasonable or impracticable to do so. Please allow at least 7 days for processing of a request. All reasonable steps to comply with a request will be made, unless there is a need to keep information for legal, auditing or internal risk management reasons.
4.8 Anonymity
Individuals may request to deal with The Foundation anonymously or through a pseudonym. The Foundation will accommodate your request if it is lawful, possible and practical to do so.
4.9 Online donations
Donations made online via The Foundation’s websites are processed in real time using a secure payment gateway. Donations are processed in Australia (excluding US & Hong Kong) in Australian Dollars. If there are any questions or concerns about making an online donation to The Foundation, please contact the Supporter Services team at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or donations@hollows.org or 1800 352 352.
4.10 Cookies
When an individual visits or uses a website of The Foundation, Personal Information and user data may be collected automatically through cookies, including but not limited to: IP address and/or domain name; operating system (type of browser and platform); and the date, time and length of the visit to the website. Cookies are pieces of information that a website transfers to your computer's hard disk for record keeping purposes and are a necessary part of facilitating online transactions.
This information primarily is used for the compilation of statistical information about the use of The Foundation's website. Cookies may also be used to assist The Foundation and our third party service providers present personalised content and/or targeted and customised advertising to an individual on our website and/or on third party websites.
If you do not wish to receive any cookies you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on The Foundation's website.
4.11 Links to other websites
The Foundation’s website may contain links to third party websites, and third party websites may also have links to The Foundation’s website. These linked third party websites are not under our control and we are not responsible for the content of those websites. This Privacy Policy does not apply to external links or other websites. These third party websites may collect your Personal Information. Before disclosing your Personal Information on any other website, The Foundation encourages individuals to read the privacy policies of any such website you link to from The Foundation’s website/s. The Foundation is not responsible for any practices on linked websites that might breach your privacy.
4.12 Website traffic
The Foundation uses analytics tools to track visits to our website. These tools help The Foundation understand how visitors engage with its website. The Foundation can view a variety of reports about how visitors interact with our website so that we can improve it. This information is collected anonymously, reporting website trends without identifying individual visitors. We use this information to track the effectiveness of the website. Types of data collected include visits, viewed pages and the technical capabilities of our visitors. These statistics will not identify an individual.
4.13 Job applicants
When The Foundation receives an application for employment, Personal Information that was included in the application may be collected, such as your contact details, career history, education details, eligibility to work in the country where the role is based, written references and other career-related information. This may also include Sensitive Information, such as medical information or criminal history.
Personal Information may also be obtained from the following third parties:
- Personal Information through a recruitment service provider;
- prior employment history from previous employers or nominated referees;
- criminal record history, by way of a criminal history check;
- eligibility to work in the country where the role is based, by way of a passport or visa status check; and
- educational qualifications, by way of requesting confirmation of qualifications or results from an academic institution.
If Personal Information is obtained from third parties, reasonable and practicable steps will be taken, at or before the time of collection (or as soon as practicable after collection) to notify an individual, or otherwise to ensure awareness of the collection of Personal Information.
Personal Information may be collected during the recruitment process for the purpose of assessing and progressing an application, inviting applicants to apply for future positions of interest at The Foundation and conducting statistical reporting and analysis in relation to the recruitment processes. Your Personal Information for future job opportunities may be held, unless specifically requested to be deleted.
By applying for a job and providing your Personal Information, an individual is providing their consent to The Foundation's collection of Personal Information, as well as the use and disclosure of it for the purposes set out in this Privacy Policy. This may include disclosing your Personal Information to referees, related bodies corporate of The Foundation and also to other third parties that we use to help with the recruitment process. Personal Information may also be to law enforcement agencies to verify whether an individual has a criminal record.
A refusal to provide any of this information, or to consent to its proposed disclosure may affect the success of the job application.
4.14 Privacy data breach obligations
Please contact The Foundation if you become aware of any breach of security. If reasonable grounds establish there has been a Personal Information security breach, we will comply with all our obligations and responsibilities under all relevant privacy laws in Australia, including any obligation to notify you of any security breach and take effective remedial action to protect your Personal Information.
4.15 Making a complaint
A designated Privacy Officer is responsible for investigating any complaints or concerns any person may have about protection of their privacy. Any ongoing concerns or problems identified concerning our privacy practices will be taken very seriously and work will be undertaken to address these concerns. There are no fees for lodging a complaint.
To make a complaint, please contact the Privacy Officer at The Fred Hollows Foundation, Locked Bag 5021, Alexandria NSW 2015, Australia or fhf@hollows.org or +61 2 8741 1900 and ask for the Privacy Officer.
Please provide as much detail about the facts surrounding the complaint to allow satisfactory resolution and allow at least 7 days to respond to the complaint.
If The Foundation fails to resolve your complaint, the matter may be referred to the Australian Information (Privacy) Commissioner (please see www.oaic.gov.au).
5. Policy Monitoring & Review Cycle
The Chief Operating Officer is the role responsible for assessing this Privacy Policy every three years, or more frequently if deemed necessary, and of proposing any necessary changes to the CEO and Board.
The Foundation operates in a dynamic business environment. Over time, aspects of our operations may change as we respond to changing market conditions. This may require our Privacy Policy to be reviewed and revised. The Foundation reserves the right to change this Privacy Policy at any time and notify you by posting an updated version of the Privacy Policy on the website. If at any point we decide to use Personal Information in a manner materially different from that stated at the time it was collected, we will notify individuals by email or via a prominent notice on our website, and where necessary we will seek the prior consent of individuals.
Safeguarding and the Foundation's Policies
The Foundation is committed to keeping our people, beneficiaries, donors and other stakeholders safe. We adhere to The Foundation’s Values of Integrity, Collaboration, Empowerment and Action.
These are some of the Policies that guide our work:
- Our Safeguarding People Policy includes our Safeguarding Code of Conduct and sets out The Foundation's zero tolerance approach to harm, sexual exploitation and abuse to children and other vulnerable people including preventative steps and reporting.
- Our Privacy Policy sets out how we handle and protect your personal information.
- Our Speak-Up Policy outlines that The Foundation encourages a transparent speaking-up culture and environment and will provide support for whistle-blowers.
- Declarations and Conflicts of Interest Policy
- Corporate Governance Charter: Note Principle 9 that The Foundation’s principles of independence and self-sufficiency mean that we do not engage in or support welfare programs, evangelism, or partisan politics either in our own work or the activities and strategies we support and fund.
- Communication & Transparency Policy
- Procurement: We aim to demonstrate how a leading approach in sustainable procurement can positively influence outcomes for the communities in which we work, our suppliers and their supply chains, our workplaces and our valued partners who support our operations and enable our program outcomes.
- Sustainability: We are committed to promoting sustainability across economic, social and environmental subjects. Sustainable development is about integrating the goals of a high quality life, health and prosperity with social justice and maintaining the earth’s capacity to support life in all its diversity.
- Our Human Rights Gender Equity & Disability Inclusion Policy sets out the commitment of The Foundation to uphold the universal principles of human rights, particularly gender equity and disability inclusion, throughout all practices in the achievement of our Vision to see a world in which no person is needlessly blind or vision impaired.
- Our Financial Crime Policy sets out our commitment to the prevention of financial crime - including fraud, corruption, terrorism financing and money laundering – in all of our activities, operations, projects and programs.
We welcome your thoughts about how The Foundation is doing. Learn more about how to give feedback or make a complaint about The Foundation or its partners.