Are you looking for the CCQ Offshore Personal Information Guidelines? Click here.
Are you looking for the CCQ Privacy Position statement? Click here.
CCQ supports the importance that the community places on the maintenance of confidentiality of individuals’ personal and/or sensitive information. This extends to the collection and management of information held in its records regarding individuals.
CCQ is a non-government community based not for profit organisation whose core business is cancer control and fundraising. In order to pursue these areas of activity, CCQ must provide assurances to the community of its commitment to privacy of personal information.
If you have any concerns about the manner in which your personal information has been collected, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue. We can be e-mailed at firstname.lastname@example.org or write to us at Privacy Officer, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004 and we will then attempt to resolve the issue.
We recommend that you keep this information for future reference.
2 I don’t have time to read the whole policy. What should I read first?
(a) how we collect, use, disclose and store your personal information; and
(b) how you can contact us if you want to access or correct personal information we hold about you.
If, on the other hand, you are in search of a more comprehensive explanation of our information handling practices, then this is the document for you.
3 Policy Statement and Details
3.1 What is personal information?
The Privacy Act defines “personal information” to mean information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained, from the information or opinion.
3.2 Sensitive information
3.2.1 What is sensitive information?
Sensitive information is a subset of personal information. It means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or health information.
In general, we attempt to limit the collection of sensitive information but this is not always possible given the counselling, support and Research Services performed by CCQ. Research Services include cancer research and statistical compilation and analysis that is conducted or supported by CCQ. Where required, we will collect sensitive information from you, or from third parties about you, in order to carry out the services provided to you, or in order to carry out or support our Research Services. We do not collect sensitive information from you without your consent. We may, however, receive sensitive information about you from third parties without your consent (where this is permitted by the Privacy Act or other applicable laws) in order for us to carry out our Research Services.
The type of sensitive information we may collect from you or record about you is dependent on the services provided to you by CCQ and/or the purpose of collection and will be limited to the purpose(s) for which it is collected. We do not use sensitive information to send you Direct Marketing Communications (as defined in paragraph 7 below) without your consent.
3.2.2 Consent to collection of certain types of sensitive information
We may collect certain types of sensitive information where you have consented and agree to the collection of such information, or where otherwise provided to us in order for us to conduct our Research Services.
We may also collect sensitive personal information without your consent in accordance with the Privacy Act and any other applicable laws. The main types of sensitive personal information that we may collect without your consent relate to:
(a) the criminal record of an individual;
(b) the health or medical information of an individual; and
(c) genetic information,
but only to the extent that you volunteer such information or if it is necessary for, or incidental to, the purposes of collection set out in paragraph 5 or as otherwise permitted or required by law.
4 Collection of your personal information
4.1 Types of information we may collect
We only collect personal information that is necessary for what we do. The type of information we may collect from you includes the following:
(a) your contact information (both home and work) such as full name (first and last), e-mail address, current postal address and phone numbers;
(b) your date of birth;
(c) your employment details, including but not limited to your job title, any training and skills you may have;
(d) your financial details;
(e) your insurance policies and details, if applicable;
(f) your opinions via surveys and questionnaires, if applicable;
(g) details relating to the goods and services you have obtained from us;
(h) details relating to donations made to us;
(i) if you are making a donation or requesting products or services from us or we are purchasing goods or services from you, then any relevant payment or billing information (including bank account details, credit card details, billing address and invoice details);
(j) any sensitive information listed in paragraph 2; and
(k) your username and password when setting up an account on our website.
4.2 Direct collection
4.3 Optional activities
When you engage in certain activities, such as purchasing a product, signing up for a service, entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
4.4 Mandatory information
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to effectively provide our services to you.
4.5 Website “cookies”
If you use our Website, we may utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. A cookie does not identify you personally but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
5 How we may use and disclose your personal information
5.1 Use and disclosure
We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
You consent to us using and disclosing your personal information to facilitate the applicable primary purpose/s for which such information was collected in connection with:
(a) if required, the verification of your identity;
(b) fundraising, including the processing of donations and grants;
(c) the processing of scholarships, awards and courses;
(d) in undertaking our Research Services;
(e) the processing of orders, including to communicate with you concerning such orders;
(f) the provision of our goods and services to you (as applicable), including but not limited to counselling, support services, volunteering and fundraising;
(g) the administration and management of donations or our goods and services, including charging, billing, credit card authorisation and verification and collecting debts to the extent that such information is not directly provided to our third party hosted payment system for processing;
(h) the improvement of our services (including to contact you about those improvements and asking you to participate in surveys about the goods and services);
(i) the maintenance and development of our goods and services, products, business systems and infrastructure;
(j) marketing, events, conferences and promotional activities by us and other Cancer Councils (as defined in paragraph 6.1(f)) (including by direct mail, telemarketing, email, SMS and MMS messages);
(k) to provide customer service functions, including handling customer enquiries and complaints;
(l) to offer you updates, or other content or products and services that may be of interest to you;
(m) our compliance with applicable laws;
(n) your employment (or potential employment) by us; and
(o) any other matters reasonably necessary to facilitate the primary purpose and to continue to provide our goods and services.
5.2 When we will seek your consent
We will not use or disclose your personal information without your consent unless:
(a) it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
(b) if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
(c) if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
(d) if it is required or authorised by law.
5.3 Additional consent required
In the event we propose to use or disclose such personal information other than for reasons in paragraphs 5.1 and 5.2 above and unless paragraph 5.5 applies, we will first seek your consent prior to such disclosure or use.
If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us by e-mail at email@example.com or write to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004 and we will ensure the relevant communication ceases.
5.5 Disclosure required by law
6 The types of organisations to which we may disclose your personal information with your consent
6.1 Disclosure to third parties
Examples of organisations and/or parties that your personal information may be provided to, where appropriate given the goods or services that we are providing to you, and where we have your consent to do so, include:
(a) offshore service providers, if any;
(b) charitable or likeminded organisations, grant and award providers which are aligned with CCQ, and third party service providers who facilitate the sharing of information between such types of charitable or likeminded organisations;
(c) third party service providers, Government departments and agencies, volunteers and medical health personnel that may assist CCQ with financial support, transportation and accommodation services;
(d) third party service providers, Government departments and agencies, volunteers and medical health personnel that may assist CCQ with counselling, fundraising and support services;
(e) third party service providers, Government departments and agencies, research institutions including but not limited to hospitals and universities, volunteers and medical health personnel that are concerned with cancer research and prevention;
(f) Cancer Council Australia and state and territory Cancer Councils that are members of Cancer Council Australia (“Cancer Councils”); and
(g) our contractors, third party service providers, volunteers and agents.
7 Direct Marketing
7.1 Who are Supporters and what are Direct Marketing Communications?
For the purpose of this clause, a “Supporter” is an individual or organisation who has donated or participated in fundraising and other activities in support of Cancer Council Queensland, and “Direct Marketing Communication” is any communications about products, services, events, fundraising or any other activity (including third party products, services, events and fundraising) which may be of interest to you.
7.2 Consent by Supporters
Where you are a Supporter:
(a) you expressly consent to us using your personal information; including any email address you give to us, to send you Direct Marketing Communications;
(b) you expressly consent to us disclosing your personal information to other Cancer Councils who may also use your personal information for sending you Direct Marketing Communications. We will take reasonable steps to ensure that your information is used by other Cancer Councils in accordance with the terms of the Privacy Act;
(c) you expressly consent to us disclosing your personal information to other likeminded organisations (including other charities, and third party service providers who facilitate the sharing of information between such types of charitable or likeminded organisations) who may also use your personal information for sending you Direct Marketing Communications. We will take reasonable steps to ensure that your information is used by such organisations in accordance with the terms of the Privacy Act; and
(d) if at any time you do not wish us to disclose your personal information to others under paragraphs (b) or (c) or you do not wish to receive any further Direct Marketing Communications from us, then you can simply request to opt out of receiving further Direct Marketing Communications from us and/or ask that we not to disclose your information to other organisations for that purpose. In the case of paragraph (c) we will give you an opportunity to opt out not less than 30 days before we disclose your personal information to such organisations. You may do this by contacting us by email at firstname.lastname@example.org, by calling our Donor Hotline 1300 663 936 or by writing to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.
8 Cross Border Disclosure
8.1 Transfer of personal information overseas
8.2 Consent to transfer overseas
By submitting your personal information to CCQ, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia, as described in paragraph 8.1. In providing this consent you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information. You acknowledge that if such offshore entities handle your personal information in breach of the Australian Privacy Principles they and we will not be accountable under the Privacy Act and you will not be able seek redress under the Privacy Act.
If you do not agree to the transfer of your personal information outside Australia, please contact us by email at email@example.com or by writing to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.
9 Data quality and security
At all times we will take reasonable steps to help ensure your personal information is safe including:-
(a) making sure that the personal information we collect, use or disclose is accurate, complete and up to date;
(b) protecting your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
(c) destroying or permanently de-identifying personal information if it is no longer needed for any authorised purpose.
You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the internet is involved. Notwithstanding the foregoing, we have implemented appropriate internal procedures to respond to the unauthorised access or disclosure of your personal information in a manner which constitutes a data breach (“Security Incident”) including, but not limited to, taking reasonable steps to contain the Security Incident, undertaking a preliminary assessment of the Security Incident and (where appropriate following the results of that assessment) implementing appropriate changes. Where required under the Privacy Act, or in any instance where we feel it is appropriate to do so, we will notify you and the appropriate authorities if a Security Incident occurs.
The accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
(a) let us know if there are any errors in your personal information; and
(b) keep us up-to-date with changes to your personal information (such as your name or address).
10 Access to and correction of your personal information
You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law. You can gain access by emailing us at firstname.lastname@example.org or writing to us at Privacy Officer, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004. We reserve the right to charge a fee for searching for and providing access to your information.
11 Confidential Information held by the Queensland Cancer Registry
Any and all requests for access to information held by the Queensland Cancer Registry are subject to the provisions of the Public Health Act 2005, the Right to Information Act 2009 and the Information Privacy Act 2009.
12 Governing law