CCQ takes privacy seriously. We are committed to respecting your privacy and protecting your personal information.
CCQ is dedicated to improving the quality of life of people living with cancer, through research, care, prevention and early detection. In order to pursue this objective CCQ must provide assurances to the community of its commitment to the privacy of personal information.
In addition, from time to time, when performing functions for the Queensland government, we may be obliged to comply with the Human Rights Act 2019 (Qld) (the “Human Rights Act“). When performing those functions we consider and act compatibly with human rights (including the right to privacy).
If you have any concerns about the manner in which your personal information has been collected, stored, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue. We can be e-mailed at firstname.lastname@example.org or write to us at Privacy Officer, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004 and we will then attempt to resolve the issue.
We recommend that you keep this information for future reference.
2. I don't have time to read the whole policy. What should I read first?
- how we collect, use, disclose and store your personal information; and
- how you can contact us if you want to access or correct personal information we hold about you.
If, on the other hand, you are in search of a more comprehensive explanation of our information handling practices, then this is the document for you.
3. Policy Statement and Details
3.1 What is personal information?
The Privacy Act defines “personal information” to mean information or an opinion whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable.
3.2 Sensitive information
3.2.1 What is sensitive information?
Sensitive information is a subset of personal information. It means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or health information.
In general, we attempt to limit the collection of sensitive information but this is not always possible given the counselling, support and Research Services performed by CCQ. “Research Services” include cancer research, and statistical compilation and analysis that is conducted or supported by CCQ. Where required, we will collect sensitive information from you, or from third parties about you, in order to carry out the services provided to you, or in order to carry out or support our Research Services. We do not collect sensitive information from you without your consent. We may, however, receive sensitive information about you from third parties without your consent (where this is permitted by the Privacy Act or other applicable laws) in order for us to carry out our Research Services.
The type of sensitive information we may collect from you or record about you is dependent on the services provided to you by CCQ and/or the purpose of collection and will be limited to the purpose(s) for which it is collected. We do not use sensitive information to send you Direct Marketing Communications (as defined in paragraph 7 below) without your consent.
3.2.2 Consent to collection of certain types of sensitive information
We may collect certain types of sensitive information where you have consented and agree to the collection of such information, or where otherwise provided to us in order for us to conduct our Research Services.
We may also collect sensitive personal information without your consent in accordance with the Privacy Act and any other applicable laws. The main types of sensitive personal information that we may collect without your consent relate to:
- the criminal record of an individual;
- the health or medical information of an individual; and
- genetic information,
but only to the extent that you volunteer such information or if it is necessary for, or incidental to, the purposes of collection set out in paragraph 5 or as otherwise permitted or required by law.
4. Collection of your personal information
4.1 Types of information we may collect and hold
We only collect and hold personal information where that is necessary for what we do. The type of information we may collect and hold includes:
- your contact information (both home and work) such as full name (first and last), e-mail address, current postal address and phone numbers;
- your date of birth;
- your employment details, including but not limited to your job title, any training and skills you may have;
- your insurance policies and details, if applicable;
- your opinions via surveys and questionnaires, if applicable;
- details relating to the goods and services you have obtained from us;
- details relating to donations made to us;
- if you are making a donation or requesting products or services from us or we are purchasing goods or services from you, then any relevant payment or billing information (including bank account details, credit card details, billing address and invoice details);
- any sensitive information listed in paragraph 2; and
- your username and password when setting up an account on our website.
4.2 Direct collection
As much as possible, we will collect your information directly from you. We also obtain personal information from third parties such as our service providers, charitable or likeminded organisations, grant providers and recipients, government departments and agencies, volunteers, medical health personnel, research institutions, and Cancer Council Australia and state and territory Cancer Councils that are members of Cancer Council Australia (“Cancer Councils”).
4.3 Optional activities
When you engage in certain activities, such as purchasing a product, signing up for a service, entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
4.4 Mandatory information
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data, or any other information we require in order for us to provide our services to you, we may be unable to effectively provide our services to you.
4.5 Online activity
If you use our Website, we may utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. A cookie does not identify you personally but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
We use Google Analytics to track visits to our website, and use this information to track the effectiveness of our website to inform and optimise content based on your past visits to our site. While this data is mostly anonymous, sometimes we will connect it to you, for instance in personalising a webpage, or prefilling a form with your details. We also use pixel tracking, which indicates when your computer has visited pages on our websites where a pixel has been installed. As with cookies, this does not identify you personally, only the device you are using.
5. How we may use and disclose your personal information
5.1 Use and disclosure
We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
You consent to us using and disclosing your personal information to facilitate the applicable primary purpose/s for which such information was collected in connection with:
- if required, the verification of your identity;
- fundraising, including the processing of donations and grants;
- the processing of scholarships, awards and courses;
- undertaking our Research Services;
- the processing of orders, including to communicate with you concerning such orders;
- the provision of our goods and services to you (as applicable), including but not limited to counselling, support services, volunteering and fundraising;
- the administration and management of donations or our goods and services, including charging, billing, credit card authorisation and verification and collecting debts to the extent that such information is not directly provided to our third party hosted payment system for processing;
- the improvement of our services (including to contact you about those improvements and asking you to participate in surveys about the goods and services);
- the maintenance and development of our goods and services, products, business systems and infrastructure;
- marketing, events and promotional activities conducted by us and other Cancer Councils (including by direct mail, telemarketing, email, SMS and MMS messages);
- providing customer service functions, including handling customer enquiries and complaints;
- offering you updates, or other content or products and services that may be of interest to you;
- our compliance with applicable laws;
- your employment (or potential employment) by us; and
- any other matters reasonably necessary to facilitate the primary purpose and to continue to provide our goods and services.
5.2 When we will seek your consent
We will not use or disclose your personal information without your consent unless:
- it is disclosed or used for a purpose related to the primary purposes of collection and you would reasonably expect your personal information to be used or disclosed for such a purpose;
- we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
- we have reason to suspect that unlawful activity has been, or is being, engaged in; or
- it is required or authorised by law.
5.3 Additional consent required
In the event we propose to use or disclose such personal information other than for reasons in paragraphs 5.1 and 5.2 above (and unless paragraph 5.5 applies), we will first seek your consent prior to such disclosure or use.
If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us by e-mail at email@example.com or write to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004 and we will ensure the relevant communication ceases. If you are a Supporter you can also email us at firstname.lastname@example.org or call us on 1300 65 65 85.
5.5 Disclosure required by law
6. The types of organisations to which we may disclose your personal information
6.1 Disclosure to third parties
Examples of organisations and/or parties that your personal information may be provided to, where appropriate given the goods or services that we are providing to you, and where we have your consent to do so, include:
- charitable or likeminded organisations, and grant and award providers that are aligned with CCQ, and third party service providers who facilitate the sharing of information between such types of organisations;
- third party service providers, Government departments and agencies, volunteers and medical health personnel that may assist CCQ with financial support, transportation, accommodation, counselling, fundraising and support services;
- third party service providers, Government departments and agencies, research institutions including but not limited to hospitals and universities, volunteers and medical health personnel that are concerned with cancer research and prevention;
- other Cancer Councils; and
- our contractors, third party service providers, volunteers and agents.
7. Direct Marketing
7.1 Who are Supporters and what are Direct Marketing Communications?
For the purpose of this clause, a “Supporter” is an individual or organisation who has donated or participated in fundraising and other related activities in support of Cancer Council Queensland, and “Direct Marketing Communication” is any communication about products, services, events, fundraising or any other activity (including third party products, services, events and fundraising) which may be of interest to you.
7.2 Consentby Supporters
Where you are a Supporter:
- you expressly consent to us using your personal information; including any email address you give to us, to send you Direct Marketing Communications;
- you expressly consent to us disclosing your personal information to other Cancer Councils who may also use your personal information to send you Direct Marketing Communications. We will take reasonable steps to ensure that your information is used by other Cancer Councils in accordance with the terms of the Privacy Act;
- you expressly consent to us disclosing your personal information to other likeminded organisations (including other charities, and third-party service providers who facilitate the sharing of information between such types of charitable or likeminded organisations) who may also use your personal information for sending you Direct Marketing Communications. We will take reasonable steps to ensure that your information is used by such organisations in accordance with the terms of the Privacy Act; and
- if at any time you do not wish us to disclose your personal information to others under paragraphs (b) or (c) or you do not wish to receive any further Direct Marketing Communications from us, then you can simply request to opt out of receiving further Direct Marketing Communications from us and/or ask that we not to disclose your information to other organisations for that purpose. In the case of paragraph (c) we will give you an opportunity to opt out not less than 30 days before we disclose your personal information to such organisations. You may do this by contacting us by email at email@example.com, by calling our Supporter Hotline 1300 65 65 85 or by writing to us at Philanthropy and Supporter Experience, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.
8. Cross Border Disclosure
8.1 Transfer of personal informationoverseas
8.2 Consent to transfer overseas
By submitting your personal information to CCQ, you expressly agree and consent to the disclosure, transfer, storage or processing of your personal information outside of Australia, as described in paragraph 8.1. In providing this consent you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information. You acknowledge that if such offshore entities handle your personal information in breach of the Australian Privacy Principles they and we will not be accountable under the Privacy Act and you will not be able seek redress under the Privacy Act.
If you do not agree to the transfer of your personal information outside Australia, please contact us by email at firstname.lastname@example.org or by writing to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004. Please note that we may not be able to provide some services and/or products to you as a result of your election not to have your personal information transferred overseas.
9. Data quality and security
9.1 Storage and Security
At all times we will take reasonable steps to help ensure your personal information is safe including:-
- making sure that the personal information we collect, use or disclose is accurate, complete and up to date;
- protecting your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
- destroying or permanently de-identifying personal information if it is no longer needed for any authorised purpose.
You will appreciate, however, that we cannot guarantee the security of all storage and transmissions of personal information, especially where the internet is involved.
Your personal information will be stored on a password protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.
Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived with a third party provider of secure archiving services or is destroyed or de-identified if no longer needed.
Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information. We take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Notwithstanding the foregoing, we have implemented appropriate internal procedures to respond to the unauthorised access or disclosure of your personal information in a manner which constitutes a data breach (“Security Incident“) including, but not limited to, taking reasonable steps to contain the Security Incident, undertaking a preliminary assessment of the Security Incident and (where appropriate following the results of that assessment) implementing appropriate changes and taking appropriate steps in response to the data security breach. Where required under the Privacy Act, or in any instance where we feel it is appropriate to do so, we will notify you and the appropriate authorities if a Security Incident occurs.
The accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
- let us know if there are any errors in your personal information; and
- keep us up-to-date with changes to your personal information (such as your name or address).
10. Access, corrections and complaints
You are entitled to have access to any of your personal information which we possess, except in some exceptional circumstances provided by law. You can gain access by emailing us at email@example.com or writing to us at Privacy Officer, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004. We reserve the right to charge a fee for searching for and providing access to your information.
10.2 Correctionand Deletion
If the Human Rights Act applies to a service that you have received from us (i.e. certain services that CCQ provides pursuant to contracts with the Queensland government) and you believe that your human rights (for example your right to privacy) have been breached, please let us know and we will respond within 45 business days. If you are not satisfied with our response after this time, you can complain to the Queensland Human Rights Commission (see www.qhrc.qld.gov.au).
11. Governing law