The Redcliffe Hospital Foundation (RHF) is a community based not for profit statutory authority whose core business is fundraising for medical research, education, community partnerships and resources at Redcliffe Hospital. The Privacy Amendment (Private Sector) Act 2000, effective 21 December 2001, sets out guidelines which regulate how private sector organisations should treat personal and/or sensitive information they collect, use, handle or store.
The National Privacy Principles set minimum standards for:
- collection, use and disclosure of personal information which could identify a person
- quality, security and storage of that information
- giving an individual access to their information
- transferring information offshore
- special categories of information such as "sensitive" information and "health" information
National Privacy Principle [NPP]
The National Privacy Principles establishes 10 principles to which an organization must comply in regard to personal and sensitive information.
- NPP1 Collecting information
- NPP2 Using and disclosing information
- NPP3 Data quality
- NPP4 Data security
- NPP5 Openness
- NPP6 Access and correction
- NPP7 Identifiers
- NPP8 Anonymity
- NPP9 Transborder Data Flow
- NPP10 Sensitive information
Collection of Information
- Personal and sensitive information is only collected as is reasonably necessary to enable the RH Foundation to maintain its activities and deliver services to the community.
- Personal information about an individual should only be collected from that individual with their consent.
- Collection will be undertaken by a method which is fair, lawful and not unreasonably intrusive.
- Individuals from whom personal information is collected are to be made aware of:
- The RH Foundation contact details
- The primary purpose for which the information is collected
- Any possible secondary purpose for which the information may be used
- The ability of individuals to access the information held on themselves
Use and Disclosure of Information
- Information will only be used or disclosed for the primary purpose for which it was collected. In some instances, information provided by individuals may be used to keep them better informed about the RH Foundation activities and services, such as by way of a newsletter. Individuals will have the rights to opt out of receiving such additional mailings.
- Personal information about an individual will not be used or disclosed for a secondary purpose unless:
- The purpose is closely related to the primary purpose and the individual would reasonably expect the information to be used in that way, or
- The individual has consented (recognising the competence to consent), or
- The RH Foundation has a legal obligation to disclose personal information which overrides the provisions of the primary legislation
- The RH Foundation will not sell or exchange or release personal information about an individual for commercial gain.
Quality of Information
Reasonable steps will be taken to ensure information collected and used is complete, accurate and up to date.
Security of Information
- Reasonable steps will be taken to protect personal information from misuse, loss, unauthorised use, modification or disclosure.
- Personal information will be destroyed or permanently de-identified when it is no longer needed for the purpose for which it was collected.
- The RH Foundation web site uses secure technology for on-line transactions to protect personal details including credit card information.
- The RH Foundation website contains links to other websites. The RH Foundation does not accept responsibility for the privacy practices or the content of linked websites.
Openness of Information
- Reasonable steps will be taken to allow any person, on request, to ascertain generally what sort of personal information is held, for what purpose, how it was collected, stored and used.
Accessibility of Information
- Information held on an individual is accessible to them on request (except where frivolous and vexatious) and will generally be available free of charge.
- Reasonable steps will be taken to ensure the information provided is accurate and up to date.
Identifiers used will be unique to the RH Foundation.
Individuals have the option of not identifying themselves when dealing with the RH Foundation.
Transborder Data Flow
The RH Foundation will not sell, exchange or release personal information.
- Sensitive information about an individual will not be collected without that individual’s consent, or
- The information is collected in the course of the RH Foundation activities where the individual is in regular contact in relation to those activities and the individual understands that the information will not be disclosed without consent.
- Personal and/or sensitive information will be collected and maintained on confidential databases maintained by the RH Foundation in support of its activities and service provision.
- Staff and volunteers who may have access to personal and/or sensitive information in the course of their duties, will respect its confidentiality and not disclose the information to any third party.
- Breaches of confidentiality by staff will be dealt with in accordance with the conditions of appointment to the staff of the RH Foundation.
- Breaches of confidentiality by volunteers will be dealt with in accordance with the RH Foundation's volunteer management policies and procedures.
Changes To This Statement
We may amend this statement from time to time by posting the amended version on this website.
If you have any questions, please don’t hesitate to contact us.