Your privacy on the Internet is of the utmost importance to us. The cystic fibrosis organisations of Australia want to make your experience online satisfying and safe.
Because we gather certain types of information about our users, we feel you should fully understand the terms and conditions surrounding the capture and use of that information. This privacy statement discloses what information we gather and how we use it.
1.1 Cystic Fibrosis organisations are strongly committed to protecting the privacy of all their stakeholders.
1.3 Personal information is defined in the Act to mean information or an opinion, whether forming part of a database or not, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from that information or opinion. In short, personal information is information or an opinion that can identify an individual (including photographs).
1.4 All personal information collected or held by the organisations should be treated in accordance with this policy.
2. NPP1: Collection of information
2.1 The collection of personal information must be fair, lawful and executed in a reasonable, non-intrusive manner. Cystic fibrosis organisations collects personal information only if it is necessary for its functions and activities.
2.2 A person will be told at time of collection of their personal information:
(a) The Cystic Fibrosis entity’s identity and contact details;
(b) The purpose of the data collection;
(c) How the person can access the information;
(d) Any law that requires the personal information to be collected;
(e) Consequences of not giving the information;
(f) The names of any individuals or organisations, if any, who will receive the information.
If Cystic Fibrosis Organisations collect information about the individual from someone else, it will take reasonable steps to ensure that the individual is informed of the above.
3. NPP2 Use and disclosure of information
3.1 Cystic fibrosis organisations may only use or disclose personal information for the primary purpose for which it was collected unless:
(a) The individual consents to the use or disclosure of the information; or
(b) The secondary purpose is directly related to the primary purpose of collection and the person would reasonably expect the organisation to use or disclose it in that manner; or
(c) The information is not of a sensitive nature and then may be used for direct marketing under specific circumstances specified in NPP2.1(c); or
(d) The information is necessary for law enforcement, public or individual health and safety purposes; or
(e) The information is genetic information obtained in the course of providing health service to the individual and fulfils the requirements under NPP2.1 (ea).
3.2 Cystic fibrosis organisations may disclose health information about the individual to a person responsible for the individual if it is necessary to provide appropriate care or for compassionate reasons, the individual is physically or legally unable to communicate direct consent, and the disclosure is not contrary to the known wishes expressed by the individual.
3.3 A person is responsible for an individual if the person is:
A parent of the individual; or
(a) A child or sibling of the individual and at least 18 years old; or
(b) A spouse or de facto spouse of the individual; or
(c) A relative of the individual, at least 18 years old and a member of the individual’s household; or
(d) A guardian of the individual; or
(e) Exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual’s health; or
(f) A person who has an intimate personal relationship with the individual; or
(g) A person nominated by the individual to be contacted in case of an emergency.
4. NPP3 Quality of information
All cystic fibrosis organisatons will take reasonable steps to ensure the personal information it collects, uses and discloses is accurate, complete and up to date.
5. NPP4 Security of information
All cystic fibrosis organisations will take reasonable steps to protect the personal information it holds from misuse and loss, and from unauthorised access, modification or disclosure. Personal information that is no longer needed will be destroyed or permanently de-identified.
6. NPP5 Openness
7. NPP6 Access and correction of information
7.1 Cystic fibrosis organisations will, upon request, provide access to an individual’s own personal information in accordance with the requirements of the NPPs and the attached Procedure.
7.2 Subject to the NPPs and the attached Procedure, the organisations will let a member or donor see the personal information it holds about them and correct it if it is inaccurate.
7.3 The organisations will provide reasons for denial of access or correction in accordance with NPP 6.1.
8. NPP7 Identifiers
All cystic fibrosis organisaitons will ensure that no Commonwealth Government identifiers (e.g. Tax File Numbers or Medicare numbers) are used as identifiers of individuals or their information.
9. NPP8 Anonymity
When lawful and practicable, individuals will have the option of not identifying themselves when dealing with any cystic fibrosis organisation.
10. NPP9 Trans-border data flows
Each cystic fibrosis organisation will only permit trans-border data flows (information sent to an individual in another country) in accordance with the regulations of the Privacy Amendment (Private Sector) Act 2000. In general, information is only transferred if consent is given or if it is necessary in the interest of the individual.
11. NPP10 Sensitive information
11.1 Cystic Fibrosis organisations will not collect sensitive information* unless it:
(a) Has the individual’s consent; or
(b) Is required by law; or
(c) is necessary to prevent or lessen serious and imminent threat to the life or health of any individual, and consent cannot be obtained; or
(d) Is necessary for research and statistics collection relevant to public health and safety, or management, funding and monitoring of CFQ (subject to limitations under NPP10.3)
11.2 *Sensitive information includes but is not limited to:
(a) Racial or ethnic origin.
(b) Political opinions.
(c) Membership of a political association.
(d) Religious beliefs or affiliations.
(e) Philosophical beliefs.
(f) Membership of a professional or trade association.
(g) Membership of a trade union.
(h) Criminal record.
(i) Sexual preference or practice.
(j) Health information.**
11.3 **Health information is:
Information or an opinion about:
(a) The health or a disability (at any time) of an individual; or
(b) An individual’s expressed wishes about the future provision of health services to him or her; or
(c) A health service provided, or to be provided, to an individual; that is also personal information; or
(d) Other personal information collected to provide, or in providing, a health service; or
(e) Other personal information about an individual collected in connection to the donation, or intended donation, by the individual of his or her body parts, organs or body substances.
Cystic fibrosis organisations have in place:
(a) A privacy complaint handling system.
(c) A Procedure to analyse data flow.
(d) Staff Privacy Training.
(e) Data Security.
13. For each cystic fibrosis organisation the following applies:
13.1 Each member’s and donor’s right to their privacy and confidentiality are respected, they also have a right to access their personal information held in accordance with the NPPs and the attached Procedure.
13.2 Each member and donor is informed of the Privacy Procedures and effort is made to ensure that they understand their rights in relation to these Procedures.
13.3 Each member and donor or a person authorised by such, or the legal guardian has access to personal information held by the relevant organisation within the constraints of the NPPs.
13.4 All Cystic Fibrosis staff and volunteers sign a Confidentiality Agreement.
13.5 Members and donors can request access to their personal information held by Cystic Fibrosis Queensland.
13.6 Any complaints regarding privacy, confidentiality and access to information breaches are reviewed and documented.
14. Code of Conduct for Staff
All staff members will respect the privacy of users and hold personal information obtained in the course of their duties in confidence except where the law demands otherwise, or there are ethical or moral reasons not to do so and disclosure is permitted under NPP2, or where the individual specifically consents to the disclosure.
15. Contacting us
15.1 If you have any concerns about the privacy of your information or queries about access or correction of personal information, you may contact the Chief Executive Officer, of any cystic fibrosis organisation, 9.00 am – 5.00 pm, Mon-Fri. For contact details please refer to the organisation’s contact us page.
15.2 For more information about privacy in general, you can visit the federal privacy commissioner’s website at www.privacy.gov.au.
15.3 A copy of the NPPs is available at: http://www.privacy.gov.au/publications/npps01.html#npp2.