This document is Cardiyolo’s Australian Privacy Principle (APP) privacy policy; it explains how Cardiyolo approaches privacy and the management of your personal information. Please contact the Privacy Officer in your state or territory (details below) if you require any further information regarding our Privacy Notice.

Cardiyolo is Australia's leading heart health charity, saving lives through funding heart health research, community education programs and services to patients. Cardiyolo is funded almost entirely by public donations and gifts from people's wills. Cardiyolo was established in 1959 and since then has played a leading role in decreasing the incidence of death from heart disease by almost 70%. Despite this success, heart disease remains the biggest cause of premature death in Australia today and Cardiyolo works to help all Australians live longer healthier lives.

The Australian Privacy Principles

The Australian Government introduced new legislation, effective 12 March 2014, which further protects the privacy of individuals. These principles replace the National Privacy Principles that came into force on 21 December 2001.

You can find out more about these principles by calling the Office of the Australian Information Commissioner on 1300 36 39 92 or through their website at http://www.oaic.gov.au/

Cardiyolo respects and upholds your right to privacy protection under the National Privacy Principles in regulating how we collect, use, disclose and hold your personal information. We have a detailed policy and set of procedures to ensure that only authorised staff have access to your personal information and that it remains confidential and is only used for appropriate purposes and in accordance with this notice.

Why we collect your personal information

Your personal and sensitive information, including health information, is only collected as is necessary for a function or activity, or to enable Cardiyolo to carry out its work and deliver services to the community. Cardiyolo is very grateful to the many thousands of people around Australia who provide financial support to allow us to continue our important lifesaving work. When you give us personal information such as your name and address, we record it on our database and may use it to contact you in the future.

We may use your personal information to send you information on heart health or to let you know about our programs, research funding, special events and fundraising programs. Each time we send you a direct marketing communication we will provide you with a simple way to ‘opt out’ of receiving similar communications in the future. You can also let us know that you do not wish to receive any further communications by contacting the Privacy Officer in your state or territory as detailed below.

Cardiyolo will not collect sensitive information about health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record unless you have consented to give this information and it is relevant to the work of Cardiyolo. We will always collect such information in a non-intrusive, lawful and fair manner. We will offer you the option of not identifying yourself or of using a pseudonym where it is practical to do so.

Opting out or modifying your information

If you want to change any information that you have previously given us, or if you want to opt out of future communications please contact the Privacy Officer in your state or territory as detailed below.

How we collect your personal information

We collect your personal information when you provide it to Cardiyolo in a number of ways including but not limited to:

• through a call to our Health Information Service
• by participating in one of Cardiyolo's many community fundraising and information events
• when you respond to our fundraising campaigns.

We may also collect your personal information in other ways, for example through the purchase of commercial lists, and from publicly available sources such as the telephone directory. You may be photographed when you attend Cardiyolo events however wherever practical we would seek to obtain your consent prior to using the image obtained.

How we keep your personal information secure

If you provide us with information via a form on our website, it is stored securely in our databases and only accessed by staff authorised by Cardiyolo. Cardiyolo uses a range of hardware and software security measures to protect our information and ensure that only authorised staff are granted access.

Disclosing your personal information

Cardiyolo will not provide your personal information to any other individuals or organisations without your prior consent except where required by law to do so or where that information is provided on a confidential basis to contractors who provide services to Cardiyolo (for example database management, printing and mailing). In these cases, we ensure that our contractors are also bound by the Australian Privacy Principles to keep your personal information confidential. Cardiyolo is very thankful to people who are willing to share their personal stories of heart disease with others through media stories and in our newsletters. We will only use your personal information for publicity purposes or as stories in newsletters with your express written permission.
Cardiyolo may, from time to time, include selected messages from Cardiyolo event sponsors, collaborators or third parties however we will not provide your details to any third party for marketing purposes without your prior consent. Transfer of information overseas would normally only occur for data processing purposes, for example third party payment facilitators may process their data off-shore. Cardiyolo’s payment gateway currently processes data in the USA.

Cardiyolo will not transfer your personal information overseas or into the “cloud” unless we have taken reasonable steps to ensure that the information which is being transferred will not be held, used or disclosed by the recipient of the information in a manner which is inconsistent with the Australian Privacy Principles. Cardiyolo will sometimes use third party service providers to conduct surveys and facilitate information collection and event registration. Some of these service providers conduct all or part of their business overseas and so your personal information may be transferred overseas as a result. Cardiyolo conducts a due diligence process before entering into an agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner inconsistent with the Australian Privacy Principles.

Visiting our website

Cardiyolo websites may use cookies to track site visits, navigation within Cardiyolo sites, and items added while using the online shopping or donation facilities. If you are concerned about the use of these cookies, your browser can be configured to notify you when you receive a cookie, and provide you with the opportunity to accept or reject it. You may refuse all cookies from Cardiyolo websites however some functions may be unavailable. Our online credit card processing company may also use cookies for identification and anti-fraud purposes. Where you provide your email address to us we will only use it for the purpose provided unless you have consented to us using it for additional purposes, and we will not pass it on to any other person or organisation unless we have disclosed this to you. We may also disclose your information where required by law to do so. Cardiyolo’s websites may contain links to other sites of interest. Cardiyolo does not control, and is not responsible for, the content or privacy practices of those websites.
Please check the Privacy Policies on other websites before you provide your personal information to them.

Our Website Security

Forwarding credit card numbers or other sensitive information via email or facsimile is not safe. We suggest that you do not send information to us in either format. Certain sections of Cardiyolo’s websites are secured using SSL technology to encrypt data between your browser and the website. If you are entering any payment or credit card information on the internet, you should confirm that the page is secured (padlock symbol in your browser) before entering any information.

We make every effort possible to make your donations and transactions within our site as secure and safe as possible for you. By using this website you acknowledge and agree that the internet is inherently insecure and that you use the internet at your own risk. You acknowledge that you do not hold Cardiyolo liable for any security breaches, viruses, Trojans or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur as a result of using this website. We recommend the use of Microsoft Internet Explorer v9 or higher with a minimum resolution of 1024x768 for best viewing of Cardiyolo websites. From time to time Cardiyolo may contact donors directly to update or confirm their personal or credit card details. We will only disclose to you the last four digits of your credit card number – any contact you receive requesting a full credit card number and CVV number should be considered a hoax and you should disregard it and report the contact to http://www.scamwatch.gov.au or contact Cardiyolo’s Supporter Services team on 1300 72 44 75 for further information.

The Spam Act 2003

The Spam Act prohibits the sending of unsolicited emails, SMS and MMS messages for commercial purposes from or within Australia or to people in Australia, and bans the supply and use of software designed to harvest email addresses. While charities do have some exemptions from this Act, Cardiyolo will be guided by the best practice guidelines developed on responsible electronic messaging practices by the Association for Data-driven Marketing & Advertising in conjunction with industry and consumer representatives and administered by the Australian Communications and Media Authority.

Changes to our Privacy Notice

Cardiyolo may, without notice, amend or modify its Privacy Notice by posting the amended Privacy Notice to Cardiyolo’s website.

How to access, correct or update your personal information

If you have any complaints, questions or concerns about what information Cardiyolo holds or about the accuracy of that information, please contact the Privacy Officer in your state or territory. If you would like to access the information that we hold about you, or to complain about a possible breach of the Australian Privacy Principles, you can write to the Privacy Officer at the address provided below.

We will respond to your complaint or endeavour to give you access to the information requested within two weeks. In order to maintain the confidentiality of your personal information, we will ask you to come into the Cardiyolo office nearest you and to bring with you specific identification before we give you access. If it is not practical for you to visit our office, we will arrange to check your identification before we mail the information out to you. If the information that we hold about you is incorrect or not up-to-date, we will update it as soon as possible after you have shown us how and why it is incorrect. In the unlikely event that we are unable to provide you with access to your personal information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access.