Our Privacy Policy

Cancer Council Queensland Privacy Policy

Are you looking for the CCQ Offshore Personal Information Guidelines? Click here.

Are you looking for the CCQ Privacy Position statement? Click here.

1   Purpose

In this Privacy Policy, the expressions “CCQ”, “we”, “us” and “our” are a reference to Cancer Council Queensland ACN 009 784 356.

CCQ supports the importance that the community places on the maintenance of confidentiality of individuals’ personal and/or sensitive information.  This extends to the collection and management of information held in its records regarding individuals.

CCQ is a non-government community based not for profit organisation whose core business is cancer control and fundraising.  In order to pursue these areas of activity, CCQ must provide assurances to the community of its commitment to privacy of personal information.

This Privacy Policy applies to personal information collected by us.  We are bound by the Privacy Act 1988 (Cth) (the “Privacy Act”), which governs the way private sector organisations collect, use, keep secure and disclose personal information.

If you have any concerns about the manner in which your personal information has been collected, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue. We can be e-mailed at privacyofficer@cancerqld.org.au or write to us at Privacy Officer, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004 and we will then attempt to resolve the issue.

We recommend that you keep this information for future reference.

2   I don’t have time to read the whole policy. What should I read first?

If all you want is a snapshot of our personal information handling practices, you can have a look at our Privacy Policy Position Statement. This offers an easy to understand summary of:

(a)     how we collect, use, disclose and store your personal information; and

(b)     how you can contact us if you want to access or correct personal information we hold about you.

If, on the other hand, you are in search of a more comprehensive explanation of our information handling practices, then this is the document for you.

3   Policy Statement and Details

3.1   What is personal information?

The Privacy Act defines “personal information” to mean information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained, from the information or opinion.

3.2   Sensitive information
3.2.1   What is sensitive information?

Sensitive information is a subset of personal information.  It means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or health information.

In general, we attempt to limit the collection of sensitive information but this is not always possible given the counselling, support and Research Services performed by CCQ.  Research Services include cancer research and statistical compilation and analysis that is conducted or supported by CCQ. Where required, we will collect sensitive information from you, or from third parties about you, in order to carry out the services provided to you, or in order to carry out or support our Research Services.  We do not collect sensitive information from you without your consent.  We may, however, receive sensitive information about you from third parties without your consent (where this is permitted by the Privacy Act or other applicable laws) in order for us to carry out our Research Services.

The type of sensitive information we may collect from you or record about you is dependent on the services provided to you by CCQ and/or the purpose of collection and will be limited to the purpose(s) for which it is collected.  We do not use sensitive information to send you Direct Marketing Communications (as defined in paragraph 7 below) without your consent.

3.2.2   Consent to collection of certain types of sensitive information

We may collect certain types of sensitive information where you have consented and agree to the collection of such information, or where otherwise provided to us in order for us to conduct our Research Services.

We may also collect sensitive personal information without your consent in accordance with the Privacy Act and any other applicable laws.  The main types of sensitive personal information that we may collect without your consent relate to:

(a)   the criminal record of an individual;

(b)   the health or medical information of an individual; and

(c)   genetic information,

but only to the extent that you volunteer such information or if it is necessary for, or incidental to, the purposes of collection set out in paragraph 5 or as otherwise permitted or required by law.

4   Collection of your personal information

4.1   Types of information we may collect

We only collect personal information that is necessary for what we do. The type of information we may collect from you includes the following:

(a)   your contact information (both home and work) such as full name (first and last), e-mail address, current postal address and phone numbers;

(b)   your date of birth;

(c)   your employment details, including but not limited to your job title, any training and skills you may have;

(d)   your financial details;

(e)   your insurance policies and details, if applicable;

(f)   your opinions via surveys and questionnaires, if applicable;

(g)   details relating to the goods and services you have obtained from us;

(h)   details relating to donations made to us;

(i)   if you are making a donation or requesting products or services from us or we are purchasing goods or services from you, then any relevant payment or billing information (including bank account details, credit card details, billing address and invoice details);

(j)   any sensitive information listed in paragraph 2; and

(k)   your username and password when setting up an account on our website.

4.2   Direct collection

As much as possible, we will collect your information directly from you.  If we collect details about you from someone else, we will, whenever reasonably possible (unless we are legally exempt from complying with this obligation), make you aware that we have done this and why.  If you have provided us with personal information in relation to another person we ask that you only do so with that individual’s consent (or that you are otherwise legally entitled to do so) and (where appropriate) that you provide that individual with a copy of this Privacy Policy.

4.3   Optional activities

When you engage in certain activities, such as purchasing a product, signing up for a service, entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information.  It is completely optional for you to engage in these activities.

4.4   Mandatory information

Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary.  If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to effectively provide our services to you.

4.5   Website “cookies”

If you use our Website, we may utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site.  A cookie does not identify you personally but it does identify your computer.  You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services.  This information does not identify you personally.

5   How we may use and disclose your personal information

5.1   Use and disclosure

We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.

You consent to us using and disclosing your personal information to facilitate the applicable primary purpose/s for which such information was collected in connection with:

(a)   if required, the verification of your identity;

(b)   fundraising, including the processing of donations and grants;

(c)   the processing of scholarships, awards and courses;

(d)   in undertaking our Research Services;

(e)   the processing of orders, including to communicate with you concerning such orders;

(f)   the provision of our goods and services to you (as applicable), including but not limited to counselling, support services, volunteering and fundraising;

(g)   the administration and management of donations or our goods and services, including charging, billing, credit card authorisation and verification and collecting debts to the extent that such information is not directly provided to our third party hosted payment system for processing;

(h)   the improvement of our services (including to contact you about those improvements and asking you to participate in surveys about the goods and services);

(i)   the maintenance and development of our goods and services, products, business systems and infrastructure;

(j)   marketing, events, conferences and promotional activities by us and other Cancer Councils (as defined in paragraph 6.1(f)) (including by direct mail, telemarketing, email, SMS and MMS messages);

(k)   to provide customer service functions, including handling customer enquiries and complaints;

(l)   to offer you updates, or other content or products and services that may be of interest to you;

(m)   our compliance with applicable laws;

(n)   your employment (or potential employment) by us; and

(o)   any other matters reasonably necessary to facilitate the primary purpose and to continue to provide our goods and services.

5.2   When we will seek your consent

We will not use or disclose your personal information without your consent unless:

(a)   it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;

(b)   if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;

(c)   if we have reason to suspect that unlawful activity has been, or is being, engaged in; or

(d)   if it is required or authorised by law.

5.3   Additional consent required

In the event we propose to use or disclose such personal information other than for reasons in paragraphs 5.1 and 5.2 above and unless paragraph 5.5 applies, we will first seek your consent prior to such disclosure or use.

5.4   Opt-outs

If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us by e-mail at dataservices@cancerqld.org.au or write to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004 and we will ensure the relevant communication ceases.

5.5   Disclosure required by law

Any other use or disclosure we make of your personal information will only be as required by law or as permitted by the Privacy Act, by this Privacy Policy or otherwise with your consent.

6.1   Disclosure to third parties

We will not disclose your personal information to organisations outside of CCQ unless we have your consent to do so, or we are legally obliged or permitted to do so, and such disclosure is in relation to the goods or services we provide to you or for a purpose permitted by this Privacy Policy.  We may obtain your consent by virtue of the operation of other parts of this Privacy Policy or by including an opt-out clause in our communications with you.  Furthermore, we will not make such disclosures to third parties unless we have taken such steps as are reasonable to ensure that these organisations and/or parties use your personal information in accordance with the terms of the Privacy Act.

Examples of organisations and/or parties that your personal information may be provided to, where appropriate given the goods or services that we are providing to you, and where we have your consent to do so, include:

(a)   offshore service providers, if any;

(b)   charitable or likeminded organisations, grant and award providers which are aligned with CCQ, and third party service providers who facilitate the sharing of information between such types of charitable or likeminded organisations;

(c)   third party service providers, Government departments and agencies, volunteers and medical health personnel that may assist CCQ with financial support, transportation and accommodation services;

(d)   third party service providers, Government departments and agencies, volunteers and medical health personnel that may assist CCQ with counselling, fundraising and support services;

(e)   third party service providers, Government departments and agencies, research institutions including but not limited to hospitals and universities, volunteers and medical health personnel that are concerned with cancer research and prevention;

(f)   Cancer Council Australia and state and territory Cancer Councils that are members of Cancer Council Australia (“Cancer Councils”); and

(g)   our contractors, third party service providers, volunteers and agents.

7   Direct Marketing

7.1   Who are Supporters and what are Direct Marketing Communications?

For the purpose of this clause, a “Supporter” is an individual or organisation who has donated or participated in fundraising and other activities in support of Cancer Council Queensland, and “Direct Marketing Communication” is any communications about products, services, events, fundraising or any other activity (including third party products, services, events and fundraising) which may be of interest to you.

7.2   Consent by Supporters

Where you are a Supporter:

(a)   you expressly consent to us using your personal information; including any email address you give to us, to send you Direct Marketing Communications;

(b)   you expressly consent to us disclosing your personal information to other Cancer Councils who may also use your personal information for sending you Direct Marketing Communications. We will take reasonable steps to ensure that your information is used by other Cancer Councils in accordance with the terms of the Privacy Act;

(c)   you expressly consent to us disclosing your personal information to other likeminded organisations (including other charities, and third party service providers who facilitate the sharing of information between such types of charitable or likeminded organisations) who may also use your personal information for sending you Direct Marketing Communications. We will take reasonable steps to ensure that your information is used by such organisations in accordance with the terms of the Privacy Act; and

(d)   if at any time you do not wish us to disclose your personal information to others under paragraphs (b) or (c) or you do not wish to receive any further Direct Marketing Communications from us, then you can simply request to opt out of receiving further Direct Marketing Communications from us and/or ask that we not to disclose your information to other organisations for that purpose. In the case of paragraph (c) we will give you an opportunity to opt out not less than 30 days before we disclose your personal information to such organisations.  You may do this by contacting us by email at dataservices@cancerqld.org.au, by calling our Donor Hotline 1300 663 936 or by writing to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.

8   Cross Border Disclosure

8.1   Transfer of personal information overseas

CCQ acknowledges the importance of protecting personal information and has taken reasonable steps to ensure that your information is used by third parties, including overseas service providers, securely and in accordance with the terms of this Privacy Policy.

CCQ may from time to time enter into contractual arrangements with third party service providers to assist CCQ with providing our goods and services to you.  It may also transfer your personal information to other charitable or likeminded organisations or to grant and award providers which are aligned with CCQ, pursuant to paragraph 6.1 of this Privacy Policy.  As a result personal information provided to CCQ may be transferred to, and stored at, a destination outside Australia.  For a list of those overseas countries please refer to our Privacy – Offshore Countries Guideline at www.cancerqld.org.au/page/about_us/policies/.  Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or other Cancer Councils.  Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

8.2   Consent to transfer overseas

By submitting your personal information to CCQ, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia, as described in paragraph 8.1.  In providing this consent you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information.  You acknowledge that if such offshore entities handle your personal information in breach of the Australian Privacy Principles they and we will not be accountable under the Privacy Act and you will not be able seek redress under the Privacy Act.

If you do not agree to the transfer of your personal information outside Australia, please contact us by email at dataservices@cancerqld.org.au or by writing to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.

9   Data quality and security

9.1   Security

At all times we will take reasonable steps to help ensure your personal information is safe including:-

(a)   making sure that the personal information we collect, use or disclose is accurate, complete and up to date;

(b)   protecting your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and

(c)   destroying or permanently de-identifying personal information if it is no longer needed for any authorised purpose.

You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the internet is involved.  Notwithstanding the foregoing, we have implemented appropriate internal procedures to respond to the unauthorised access or disclosure of your personal information in a manner which constitutes a data breach (“Security Incident”) including, but not limited to, taking reasonable steps to contain the Security Incident, undertaking a preliminary assessment of the Security Incident and (where appropriate following the results of that assessment) implementing appropriate changes.  Where required under the Privacy Act, or in any instance where we feel it is appropriate to do so, we will notify you and the appropriate authorities if a Security Incident occurs.

9.2   Accuracy

The accuracy of personal information depends largely on the information you provide to us, so we recommend that you:

(a)   let us know if there are any errors in your personal information; and

(b)   keep us up-to-date with changes to your personal information (such as your name or address).

10   Access to and correction of your personal information

10.1   Access

You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law.  You can gain access by emailing us at privacyofficer@cancerqld.org.au or writing to us at Privacy Officer, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.  We reserve the right to charge a fee for searching for and providing access to your information.

10.2   Corrections

You may request that we correct the personal information that we hold about you.  However, in some cases we may be required by law to retain your prior information or we may be permitted to retain it in accordance with this Privacy Policy.  We may also need to keep track of your prior information for our accounting and audit requirements.  Furthermore, it may be impossible to completely destroy your prior information because some information may remain as backups.  You can make requests of this nature by contacting us at dataservices@cancerqld.org.au or writing to us at Data Services, Cancer Council Queensland, PO Box 201, Spring Hill Qld 4004.

11   Confidential Information held by the Queensland Cancer Registry

CCQ manages the Queensland Cancer Registry as a contractor for Queensland Health.  Information held in the Queensland Cancer Registry will include personal and sensitive information, and is subject to this Privacy Policy, to various laws including the Privacy Act, the Public Health Act 2005 and to CCQ’s contractual obligations.

Any and all requests for access to information held by the Queensland Cancer Registry are subject to the provisions of the Public Health Act 2005, the Right to Information Act 2009 and the Information Privacy Act 2009.

12   Governing law

This Privacy Policy is governed by the laws in force in Queensland, Australia.  You agree to submit to the exclusive jurisdiction of the courts of that jurisdiction.

13.1   Consent

By using our website or by accepting our terms and conditions which refer to this Privacy Policy, you are agreeing to the terms of this Privacy Policy.

13.2   Amendments to this Privacy Policy

We reserve the right to modify our Privacy Policy as our business needs require. We will post such changes on our website, after which, your continued use of the website or your continued dealings with us shall be deemed to be your agreement to the modified terms.