Privacy Policy

Privacy collection notice

Who is collecting the information?
Australian Red Cross Society

Privacy concerns can be sent to:

Head of Legal
Legal & Policy Unit
Australian Red Cross Society
23–47 Villiers St, North Melbourne VIC 3051

Tel: 1800 RED CROSS (733 276)
Fax: 61 3 9348 2513
Email: privacy@redcross.org.au

Facts and circumstances of collection
We may collect your information in a number of ways:

• directly from you (for example, when you visited our website or contact us by telephone)
• from third parties (for example, our professional marketing and fundraising contractors)
• from publicly available sources or information (for example, White Pages).

Is the collection being made because a law or Court order applies?
No law or Court order applies to the collection of this information.

Why does Red Cross need to collect this information?
We need to collect this information so that we can do one or more of the following:

• process your donation
• process your membership
• to verify your identity
• enable you to participate in our activities or provide you with information about our activities
• provide you with a tax receipt at tax time
• enable you to participate in or invite you to participate in our fundraising campaigns including disaster appeals, raffles and other events such as the Big Cake Bake
• to gain an understanding of your communication needs, to perform research and analysis to improve the way in which we engage with you as a supporter.

We also use your information for direct marketing. We use your information to promote our humanitarian activities and other services that we think will interest you. This marketing may be by email, phone, SMS, post or online. You are entitled to opt out of direct marketing at any time.

The primary purpose for which the information is being collected
The primary purpose of collecting your information depends on why we initially collected your information. Typically, the primary purpose will be one or more of

• to process your donation
• to process your membership
• to participate in our activities (for example, Big Cake Bake, Wills Day, etc)
• to provide you with direct marketing

The secondary purposes (if any) for which Red Cross is collecting this information
The secondary purpose of collecting your information is to profile our supporters so that we provide you with the high quality service and information that you expect from us.

For the Disaster Weekend Challenge or Red Cross Calling Events we may use your name on our website for the leaderboard.

What happens if Red Cross doesn't collect this information?
If Red Cross does not collect this information from you we may not be able to process your donation or membership, enable you to participate in our activities or provide you with direct marketing.

Anonymity/Nickname
You have the right to ask that we do not record your real name. Sometimes we may require your real name, for example, if you wish to be a member.

The organisations we usually disclose this information to are
We may disclose your information to third parties that provide services to us. These services include professional marketing and fundraising organisations who provide us with letter printing, call centre, email and data analysis services. These organisations may provide us with other similar services. We may also disclose your information to organisations that provide us with information technology and banking services.

Access and correction
Information about accessing your information and requesting corrections is set out in the Red Cross Privacy Policy below. You can request a hard copy of our privacy policy by contacting:

Head of Legal
Legal & Policy Unit
Australian Red Cross Society
23–47 Villiers St North Melbourne VIC 3051

Tel: 1800 RED CROSS (733 276)
Fax: 61 3 9348 2513
Email: privacy@redcross.org.au

Complaints
Information about how to complain is also in the Red Cross Privacy Policy. You can also complain direct to the Privacy Commissioner at www.oaic.gov.au

Will my information be stored offshore? 
Your information is stored in Australia. Sometimes organisations that we may disclose your information to are located outside Australia. For example, we may disclose your information to service providers in New Zealand.

I understand that I can make a request not to receive direct marketing at any time by emailing contactus@redcross.org.au or calling 1800 RED CROSS (733 276).

Privacy policy

Date of commencement: 24 February 2018

We are the Australian Red Cross Society (ABN 50 169 561 394) (“us”, “we”, “our”). 

This Privacy Policy explains how we collect and handle personal information. It tells you how to contact us if you have any questions about how we handle your personal information.

We take our privacy obligations seriously.  We will handle personal information in accordance with all relevant laws including the Australian Privacy Act. 

Please note that this Policy does not apply to the Australian Red Cross Blood Service. It has a separate policy. The Blood Service Privacy Policy is available here.

What is “personal information”?
In this Privacy Policy, “personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable. It includes information or opinion:

• whether the information or opinion is true; and
• whether the information or opinion is recorded in a material form or not.

“Personal information” includes sensitive information such as health information. It includes information which we request. It also includes information which is given to us, which we have not requested.

May I choose not to provide personal information?
You may choose not to agree to provide the personal information we request.

If you make that choice, then we may not be able to provide you with our assistance, products, services, or opportunities. Or we may not be able to engage with you or respond to your queries or requests.

By providing your personal information to us, you confirm that you have agreed to us collecting, using and disclosing your personal information in accordance with this Privacy Policy.

We may collect sensitive information about you, such as health information. When we do so, we will seek your consent to the collection, use and disclosure of that information at the time of collection.

Kinds of personal information we collect
The kinds of personal information that we may collect and hold about you include those listed here.

• Identifying information, such as your name and date of birth.
• Details of products or services that we provide to you.
• Information about how you use the products and services we provide.
• Records of our interactions with you.
• Contact information, such as your address, email and telephone number(s).
• Financial information, such as credit card, bank account or other payment details.
• Details of products or services that you provide to us.
• Government-issued identifiers - such as health service providers’ practitioner numbers.
• Usernames and passwords that you create when registering for an account with us.
• Social media handles and other social media profile information that you make available to us or to the public.
• Information about your health.

How we collect personal information
We collect personal information from people and organisations. This includes

• our employees
• job applicants
• volunteers
• members
• the people that we provide services to
• our suppliers
• the general public (such as donors and visitors to our website)
• our other business and research partners. 

We collect personal information from you when you

• accept assistance from us
• receive our products or services
• donate
• become a member or volunteer
• provide us with products or services
• submit a query or request to us
• respond to a survey or fill in one of our forms.

We collect personal information from our service providers whom we engage to provide services on our behalf.

We collect personal information by tracking your use of our websites and mobile applications (in which case we may also collect information about your IP address, location or activity). This information helps us to keep connected with you through understanding use of our website. The information we collect may include information to enable us to personalise your experience on our website and to enable us to statistically monitor how you are using our website.

We may also use this information

• to conduct marketing and promotional efforts,
• to provide information to your browser that we think may be of interest to you,
• to determine the popularity of certain content.
• We collect personal information when you participate in programs or events that we run or support.

We collect personal information in several ways. These are face-to-face; over the phone; by email; over the internet (including social media platforms); and in writing.

Purposes for which we collect and use personal information
When we collect your personal information, we will provide you with more information about the reason for the collection. We may also tell you more about any other specific matters that are relevant to collecting that information.

If you have agreed, we collect and use personal information for one or more of several purposes.  These will depend upon what is relevant to your situation.

• To enable us to help through our various community programs.
• To provide humanitarian and emergency assistance.
• To provide health services.
• To manage our relationship with you, including confirming your identity, responding to any queries or requests and contacting you for follow-up purposes.
• To enable us to provide our products and services, including through retail operations;
• To enable us to raise funds – example: through direct fundraising, administering memberships and bequests.
• To administer our international programs – example: when we deploy employees, contractors or volunteers overseas.
• To analyse use of our products and services, and carry out quality assurance activities, including through working with third parties.
• To provide education and training, both internally and externally - example: to our staff and other organisations.
• To keep you informed of our activities, including through sending out newsletters and electronic communications.
• To manage and develop our business and operational processes and systems.
• To manage and resolve any legal or commercial complaints or issues.
• To comply with our legal obligations.
• To perform other functions and activities relating to our business.

We may use your personal information to send you marketing materials about products or services that may be of interest to you.  You can opt-out of receiving these marketing communications from us by contacting our Supporter Services Centre 1800 RED CROSS (733 276).

We may also use and disclose your information in accordance with your requests or instructions.

People to whom we disclose personal information
If you have agreed, we may share your personal information with some other people. This will depend upon what is relevant to your situation.

When we collect your personal the information we will request your agreement to sharing it.  We will provide you with more information about the reasons for the information to be shared.

If you have agreed, the other people with whom we may share your personal information, depending upon your situation, could be amongst those listed here.

• Local authorities engaged in humanitarian work, disaster relief and other activities in which we are involved (including in places where we operate our international programs).
• Our staff, contractors and volunteers, on a ‘need-to-know’ basis.
• Other persons authorised by or responsible for you (such as your employer when you participate in one of our training programs held at your organisation).
• Our business partners, agents, professional advisors and service providers (including health service providers, translators, interpreters and other third parties we work with or engage, to provide our services.
• Red Cross or Red Crescent National Societies located in other countries, and the International Federation of the Red Cross Red Crescent Societies (“IFRC”), to further the work of the International Red Cross Red Crescent Movement in assisting those who are the most vulnerable;
• Your representatives and advisers.
• Government agencies, such as those who we receive funding from.
• Universities and research organisations.
• Payment system operators and financial institutions.
• Other parties as authorised or required by law.

In some cases, the people to whom we disclose your personal information may be located overseas, such as the IFRC and National Societies noted above. 

We may need to disclose your personal information to a third party located overseas, for a purpose set out in this Privacy Policy. In this case, we will only do so to the extent necessary. We will also take reasonable steps to ensure that the third party handles your personal information in accordance with Australian privacy laws. 

We may also disclose your personal information to overseas organisations where you tell us to do so or you expressly consent to us doing so.  In such cases, it may not be possible or appropriate for us to take the steps set out above in relation to the management of your information. We will tell you about this at the time.

Storage and security of personal information
We generally store the personal information that we collect in electronic databases.  Some of these databases may be held on our behalf by third party data storage providers.  We may also keep hard copy records of personal information in physical storage facilities. 

We use physical and technical security processes to protect the confidentiality and security of the information that we hold. 

For example, when we collect sensitive information such as health information:

1. We store this information separately (both physically and electronically).
2. We only allow access to our personnel who need to use the information. 

We also update our processes to address new and emerging security threats that we become aware of. 

We will only keep your personal information for as long we need it for the purposes described in this Privacy Policy. Your personal information will be destroyed or de-identified when it is no longer required.

Access and correction
You may want to access any of the personal information that we hold about you.  You may also want to correct some aspect (for example, because you think it is incomplete or incorrect). If so, please contact our Privacy Compliance Team using the contact details below. 

To make sure your information is only given to you, we will ask you to follow an access procedure, which will include steps to prove your identity. 

In some cases, we may not be able to provide information in response to your request. For example, this could happen if for example it would interfere with the privacy of others or result in a breach of confidentiality. In these cases, we will let you know the reasons why we cannot comply with your request.

Queries and complaints
We aim to always meet the highest standards to safeguard your privacy. 

However, you may be concerned about the way in which we are managing your personal information. You may like to discuss any information contain in this Privacy Policy.  If so, please contact our Privacy Compliance Team using the contact details below.  We will make a record of your complaint or query and we will deal with the matter as soon as we can.

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner. You can contact that office:

• by phone on 1300 363 992.
• Teletypewriter (TTY) users phone 133 677, then ask for 1300 363 992.
• Speak and Listen users phone 1300 555 727, then ask for 1300 363 992.
• Internet relay users connect to the National Relay Service, then ask for 1300 363 992.

Changes to this policy
We may make changes to this Privacy Policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations.  The latest version of this policy will always be available on our website.

Privacy Compliance Team Contact details
If you require any further information from us on privacy matters, please contact our Privacy Compliance Team at:

Head of Legal
Legal & Policy Unit
Australian Red Cross Society
23–47 Villiers St North Melbourne VIC 3051

Tel: 1800 RED CROSS (733 276)
Fax: 61 3 9348 2513
Email: privacy@redcross.org.au

Cookies

We use cookies on our website for a variety of reasons. The cookies we use do not store personally identifiable information nor can they harm your computer. We want our website to be informative, personal, and as user friendly as possible and cookies help us to achieve that goal.

By using our website, you agree to the use of cookies and other technologies as set out in this policy. We appreciate some users may like more individual control over their visit to our website and can adjust their settings accordingly. You can read all about this in the section below, How to control and delete cookies. If you do not agree to such use, please refrain from using the website.

What are cookies?

A cookie is a small file and holds a certain amount of data, which our website can send to your browser. It may then be stored on your computer's hard drive and can be accessed by our web server. This cookie data can then be retrieved and can allow us to customise our web pages and services accordingly. It's important to clarify that cookies do not collect any personal data stored on your hard drive or computer.

To find out more about cookies, visit www.aboutcookies.org

How does Australian Red Cross use cookies?

Our website uses both persistent and session cookies.

Persistent cookies are used to allow the website to recognise users when they return to the site and to remember certain information about their preferences. These cookies are cookies which stay on your computer permanently, until you "manually" delete them.

Session cookies are used in order to allow visitors to carry information across pages of the website, without having to re-enter such information. These cookies delete themselves automatically when you leave a website and go to another, or when you shut down your browser.

Social media and third party cookies

To enrich our website content, sometimes we may embed video content from other social media websites such as YouTube or Facebook. As a result, when you visit a page with content embedded, you may be presented with cookies from these websites. Australian Red Cross has no control or liability over these cookies set, so you should check the relevant third party's cookie policy for more information.

We also offer a 'share page' widget on some of our web pages, where content can be shared easily on Facebook and Twitter. These sites may set a cookie when you are logged into their service. Australian Red Cross has no control or liability over these cookies set, so you should check the relevant third party's cookie policy for more information.

How to control and delete cookies

Australian Red Cross will not use cookies to collect personally identifiable information about you. However, should you choose to disable, reject or block our cookies, some parts of our website may not function fully.

For more information on how to control your cookie settings and browser settings, or how to delete cookies on your hard drive, please visit www.aboutcookies.org

Platform-specific cookies

Our platform provider implements physical controls designed to prevent unauthorized access to, or disclosure of, our supporter data. Our website resides in a data centres managed by our platform provider which is monitored 24×7 for all aspects of operational security and performance.

Our data centre provider is certified to the following compliance standards: HIPAA, PCI-DSS, SOC 1 Type 2, SOC 2 Type 2, ISO 27001 and FISMA/NIST. Our cloud provider has the following certifications: PCI-DSS, ISO 27001, SOC 1 / 2 / 3, IRAP, ISO 27018 and ISO 9001.

To protect your data, our platform provider encrypts information in transit by supporting TLS 1.2. Data at rest is also encrypted using AES-256 encryption, and our site is compatible with DSS Level 1.

Only authorised platform provider personnel are permitted to access personally identifiable information through approved and logged devices, and only for the purpose of processing your information for fundraising purposes on this website.