Privacy Policy

Lung Foundation Australia takes your privacy seriously.

Our privacy policy covers:

  • How we collect and handle your personal information
  • Who we exchange your personal information with
  • How you can access and correct your personal information
  • Who you can contact with respect to our Privacy Policy

For information about the use of Lung Foundation Australia websites including disclaimers, warranties and terms and conditions, please contact us, here.

Read our privacy collection statements, here.

Lung Foundation Australia Privacy Policy

1. Introduction

1.1 Lung Foundation Australia Limited ACN 160 505 671 (“LFA”, “we”, “our” or “us”) is an Australian registered charity that supports all aspects of lung health. We have a proud history of supporting research, providing education services as well as training health professionals, and undertaking community awareness activities and advocacy around Australia in relation to lung health.

1.2 We respect the privacy of the personal information you may provide to us when we deal with you – for example as volunteers, members, donors, customers, patients, carers, employees and stakeholders. The way we manage your personal information is governed by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) established under the Privacy Act.

1.3 This Privacy Policy explains how we manage the personal information we hold about you. Please note that this Privacy Policy is to be read subject to any overriding provisions of law or contract.

Your acknowledgement and consent

1.4 By continuing to correspond with us, using our website, by providing us with personal information, you are taken to have read and understood this Privacy Policy and you have consented to us managing your personal information in the way described in this Privacy Policy.

Users 16 and under

1.5 If you are aged 16 or under, you must obtain your parent or guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information.

2. What is Personal information?

2.1 For the purposes of this Privacy Policy, “personal information” has the meaning given to it in the Privacy Act, being information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether the information or opinion is recorded in a material form or not.

3. Collecting personal information

What kinds of personal information do we collect and hold?

3.1 The types of personal information we may collect include, but are not limited to:

(a) contact details and other details including:

(i) your full name and date of birth, and personal contact details (including your address, landline or mobile telephone numbers, fax number and e-mail address); and

(ii) contact and identification details of any third party that you have authorised to negotiate or provide your personal information on your behalf (including any attorneys appointed by you under a power of attorney or in relation to bequests an Executor of your Estate);

(b) banking and payment details including tax file numbers, ABN, bank account and credit card information, and any other information required for us to sell online products, accept donations and membership fees;

(c) where relevant, your employer details (for example if you participate in workplace giving);

(d) corporate details including your company name, job title and business sector, and any other information required for us to engage in a corporate partnership relationship with you;

(e) volunteering details including your resume, and any other information required for us to approve you as an LFA volunteer;

(f) if you are a health professional, your professional information including but not limited to:

(i) professional accreditation details;

(ii) practice details (including address, contact details and banking information);

(iii) relevant employment history; and

(iv) academic / publication history.

(g) any information required for security and screening purposes (for example your photograph or copy of your Blue Card);

(h) any correspondence between you and LFA; and

(i) any other personal information provided to us when you make an inquiry, request information (including our information packs and information about our related products and services), respond to marketing or lodge a complaint.

3.2 We may also collect sensitive information from you.

3.3 Sensitive information is defined by the Privacy Act to be certain kinds of personal information. Examples of sensitive information that we may collect from you through providing information and other services to you include:

(a) health and medical information – for example: patient or treatment history provided when seeking advice from the LFA Information & Support Centre or participating in disease registries, research programs or clinical trials; and

(b) criminal history, affiliations with any advocacy / political groups (if you are dealing with us on behalf of a particular groups).

3.4 Sensitive information is subject to stricter controls. We will only collect sensitive information about you with your consent. If we receive any sensitive information about you, we will handle it in accordance with this Privacy Policy, the Privacy Act and the APPs.

How do we collect personal information?

3.5 Where possible, we will always try to collect personal information directly from you – for example when you:

(a) request information, contact or deal with us through our website or Information Support Centre, or contact us by telephone;

(b) correspond with us in writing (such as letters and emails); or

(c) meet with us in person.

3.6 We may also obtain your personal information from third parties we deal with, such as:

(a) any person you authorise to deal with us on your behalf; and

(b) any other organisation with whom we deal.

3.7 Where we collect personal information from third parties you refer to us, we will assume, and you should ensure, that you have made that third party aware of the referral and the purposes of collection, use and disclosure of the relevant personal information.

4. Dealing with us anonymously

4.1 Whenever it is lawful and practicable, you will have the option of not identifying yourself when dealing with us. For example, general access to our website does not, and general telephone queries do not, require you to disclose personal information about yourself.

4.2 However, there are parts of our website where we may need to collect personal information from you for a specific purpose – for example, to provide you with certain information or publications you request, or to process transactions, or for access to specialized forums or training.

5. Why do we collect, hold, use and disclose personal information?

5.1 We collect, use and disclose your personal information to enable us to provide services, products and information to assist individuals and health care professionals in their understanding, involvement with and support of lung disease, and to otherwise carry out our functions and activities.

5.2 In particular, we may collect, use and disclose your personal information in order to:

(a) respond to your requests or inquiries;

(b) provide you with the services, products and information you requested. For example, providing you with information, upcoming event information, promotions or special offers such as sending you a free quarterly newsletter;

(c) enable you to make a donation or purchase a product from us online including:

(i) making a personal donation or a donation on behalf of a company, organisation, community club or school;

(ii) making a bequest; and

(iii) making a donation in memoriam;

(d) enable you to become an LFA member, corporate partner, volunteer, employee or affiliated health care professional, and engaging in a business or other commercial relationship with you;

(e) process your registration for any training courses we provide;

(f) enable you to participate in research initiatives;

(g) enable you to engage in fundraising initiatives and awareness campaigns for LFA;

(h) communicate with you during the course of your relationship with us;

(i) notify you about important changes or developments to our functions, activities, services or our website and improving our customer services (for example, using customer feedback to improve our website’s ease of use and efficiency);

(j) administer, support, improve and develop our organisation and services;

(k) update and maintain our records – for example, account management and administering records of our subscription services;

(l) if you lodge a complaint with us – process and respond to your complaint;

(m) any other purpose which relates to or arises out of requests made by you;

(n) do anything which you authorise or consent to us doing; and

(o) take any action we are required or authorised by law to take.

5.3 LFA will not sell, trade or rent personal information we hold about you to unaffiliated third parties without your prior consent.

6. Disclosing your personal information

6.1 In carrying out our functions and activities set out above, we may disclose your personal information to the following:

(a) our business partners, stakeholder and service providers (such as our sponsors, other health associations, medical bodies, community groups, Federal and State Government bodies, and contractors who may provide website, IT, marketing, administration and other services to support LFA);

(b) our professional advisers (for example, our insurers, auditors, lawyers and consultants);

(c) third parties we engage to carry out promotions or other activities you have requested, or for direct marketing purposes (unless you have opted-out of direct marketing communications);

(d) any entity to whom we are required or authorised by law to disclose your personal information (for example, law enforcement agencies and government and regulatory authorities such as federal and state health departments);

(e) any successors in title to our organization or business trading activities as provided for in the Constitution of Lung Foundation Australia; and

(f) other entities with your consent (express or implied).

6.2 The above entities may in turn disclose your personal information to other entities as described in their respective privacy policies or notices.

6.3 To help the Lung Foundation to reach more generous supporters like you, occasionally the Lung Foundation may collaborate with other like-minded charitable organisations on mailings with information that we believe may be of interest to you. These like-minded charitable organisations usually allow us to do the same, and by collaborating like this we can reach more people with vital charitable information.

7. Direct Marketing

7.1 If you consent to your personal information being used for direct marketing, we may use your personal information to provide you with information about products, fundraising activities, services and promotions.

7.2 If you do not wish to receive such information, you can opt-out at any stage. If you decide to opt-out, you will be removed from LFA’s marketing database to ensure that you do not receive future direct marketing material.

7.3 There may be times, however, when the law requires us to provide certain information to you (for example health and safety information). We will continue to send this information to you.

8. Overseas disclosure of personal information

8.1 From time to time, LFA may engage service providers located in one or more overseas countries to perform certain of our functions and activities. In the course of providing services to LFA, we may need to disclose your personal information to these service providers. If overseas service providers are engaged and personal information is sent overseas, we will take reasonable steps to ensure that our service providers are carefully chosen and have policies, procedures and systems in place to ensure your personal information is otherwise handled in accordance with the Privacy Act.

9. Dealing with us online

9.1 This Privacy Policy applies to your use of our principal website (lungfoundation.com.au) and related websites / mobile apps that LFA may create from time to time and any personal information that you may provide to us via these sources.

9.2 When you visit our website, we and/or our contractors may collect certain information about your visit. Examples of such information may include:

(a) Cookies

Cookies are small amounts of information which we may store on your computer (after you register on our website) to enable our server to collect certain information from your web browser. Cookies do not identify the individual user, just the computer used. Cookies and other similar technology make it easier for you to log on to and use the website during future visits (for example, they may maintain a shopping basket for your orders). They also allow us to monitor website traffic, to identify you when you visit our website, personalise website content for you, enable you to both carry out transactions and have access to information about your account. Cookies themselves only record which areas of the site have been visited by the computer in question, and for how long. Allowing us to create a cookie does not give us access to the rest of your computer and we do not use cookies to track your online activity once you leave our site. Cookies are read only by the server that placed them, and are unable to execute any code or virus.

(b) Site visit information

We also collect general information about your visit to our website. The information we collect is not used to personally identify you, but instead may include your server address, the date and time of your visit, the pages you accessed and the type of internet browser you use. This information is aggregated and used for the purposes of system administration, to prepare statistics on the use of our website and to improve our website’s content.

(c) Online payment systems

We use third party payment process providers whose services meet stringent security requirements including Level 1 PCI DSS compliance, EMV certification and ISO 9002 accreditation. When you enter your payment details online, you are using a secure site which uses 1024 bite tunnelling encryption to protect your information during transmission. Transactions are protected by encryption technology and a combination of firewalls and intrusion detection systems.

(d) Login information

Some functions of the website and other online tools are subject to specific login credentials before access is granted. This may include forums and health professional related information. We may also collect personal information (including financial details) to facilitate future visits or use of our website (for example: payment details for repeated online shopping).

We seek to keep current with available security encryption technology so as to maintain the effectiveness of our security systems.

9.3 However, no transmission over the internet can be guaranteed as totally secure and accordingly, we cannot warrant or ensure the security of any information you provide to us over the internet. Please note that you transmit information at your own risk.

9.4 Our website may also contain links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

10. Social media

10.1 We collect personal information from our followers/subscribers on social media channels including Facebook, Twitter, Instagram and Push Notification Applications. The information is used for the purposes of developing and displaying LFA promotion materials as well as to send notifications via mobile applications regarding event notifications such as education and seminar times. We have procedures in place to ensure your personal information collected from social media channels in accordance with this Privacy Policy.

11. Personal information storage and security arrangements

11.1 We take reasonable steps to protect your personal information from interference, loss, misuse, unauthorised access, modification or disclosure. We may store your personal information in different forms, including in hardcopy and electronic form. We have established policies, procedures and systems to keep your personal information secure – including but not limited to password protection and securing physical storage arrangements.

11.2 When we no longer require your personal information, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner. However, we may sometimes be required by law to retain certain personal information.

12. Accessing and correcting your personal information

Correcting your personal information

12.1 So that we can carry out our activities and functions, it is important that the personal information we hold about you is complete, accurate and up to date. At any time while we hold your personal information, we may request that you inform us of any changes to your personal information. Alternatively, if you believe that any of the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading or needs to be corrected or updated, please contact us using our Contact Details below . We will respond to a request to correct your personal information within a reasonable time.

12.2 If we refuse to correct your personal information, you may request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Accessing your personal information

12.3 You may also request access to the personal information we hold about you by contacting us using our Contact Details provided below. We will respond to a request for access within a reasonable time – either by giving you access to the personal information requested, or by notifying you of our refusal to give access.

Access and correction arrangements generally

12.4 We may require you to submit your requests in writing and require that you verify your identity before we respond to any request.

12.5 We will not charge you an application fee for making a request to access the personal information we hold about you or for requesting any correction to your personal information.

12.6 However, in certain circumstances we may charge you a fee for providing you with access to your personal information, for example if you make multiple request for information, the information requested is voluminous or we incur third party costs in providing you with access to your personal information.

12.7 If we cannot respond to you within a reasonable time (generally within 30 days), we will contact you and provide a reason for the delay and an expected timeframe for finalising your request.

12.8 Please note that in certain circumstances, we are permitted by law to refuse to provide you with access to your personal information.

12.9 If we decide not to provide you with access to or correct your personal information, we will provide you with written reasons for our decision and advise you of the further complaint mechanisms available to you.

13. Lodging a complaint

13.1 If you have a complaint about how we handled your personal information or about any decision to refuse access or correction of your personal information, please contact us using the Contact Details below. We will request that you lodge your complaint in writing.

13.2 We will acknowledge receipt of your complaint as soon as possible after receiving your written complaint. We will then investigate the circumstances of your complaint and provide you with a response within a reasonable timeframe.

13.3 If you are still not satisfied with how your complaint is handled by us, then you may lodge a formal complaint with the Office of the Australian Information Commissioner at:

(a) Telephone: 1300 363 992 (if calling from outside Australia including Norfolk Island please call: +61 2 9284 9749)

(b) National Relay Service:

(i) TTY users phone 133 677 then ask for 1300 363 992

(ii) Speak and Listen users phone 1300 555 727 then ask for 1300 363 992

(iii)Internet relay users connect to the National Relay Service then ask for 1300 363 992

(c) Post: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001

(d) Fax: +61 2 9284 9666

(e) Email: enquiries@oaic.gov.au

(f) Website: http://www.oaic.gov.au/privacy/making-a-privacy-complaint

14. Our Contact details

14.1 If you wish to contact us regarding our handling of your personal information or any of the matters covered in this Privacy Policy, you may do so in a number of ways.

14.2 You may contact us on:

(a) Telephone: (07) 3251 3600 and ask for the General Manager – Corporate Services.

(b) Post: General Manager – Corporate Services, Lung Foundation Australia, PO Box 1949, MILTON QLD 4064

(c) Fax: (07) 3368 3564

(d) Email: finance@lungfoundation.com.au

(e) Website: https://lungfoundation.com.au/privacy-policy/

15. NOTIFIABLE DATA BREACHES

15.1 The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Lung Foundation Australia to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Lung Foundation Australia will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See www.oaic.gov.au for further information.

16. CHANGES TO OUR PRIVACY POLICY

16.1 We welcome your questions and any suggestions you may have about our Privacy Policy.

16.2 We reserve the right to revise or supplement this Privacy Policy from time to time. Any updated version of this Privacy Policy will be posted on our website www.lungfoundation.com.au and will be effective from the date of posting. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Policy so that you remain aware of the way we handle your personal information.

16.3 This Privacy Policy was last updated on 15 July 2020.