RFDS South Eastern Privacy policy

1.0 General

Royal Flying Doctor Service (South Eastern Section) ABN 86 000 032 422; and its related bodies corporate and affiliated organisations, (referred to in this document as RFDSSE, we, us or our) recognises that your privacy is very important and we are committed to protecting the personal information we collect from you. The Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), the Health Record and Information Privacy Act 2002 (NSW) (HRIP Act), the NSW Health Privacy Principles (HPPs) and any other relevant state or territory legislation, govern the way in which we must manage your personal information and this policy sets out how we collect, use, disclose and otherwise manage personal information about you.

The RFDSSE provides emergency and aeromedicine, primary health, mental health, dental services and medical chests to our patients. As a not-for-profit organisation, we also conduct fundraising activities across a wide range of channels. We also manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, handle feedback, and report to our funders. The RFDSSE collects personal information from our patients, their carers, representatives, family and friends, medical chest custodians, employees and volunteers including those applying to work with us, our supporters (donors), and others.

We take all reasonable efforts to safeguard all personal information.

In general, we:

- Ensure fair, open and transparent management of information;
- Collect information lawfully and through fair means;
- Collect, use and disclose only information we need for its intended purpose or to comply with the law;
- take reasonable steps to ensure accuracy of information;
- collect information about a patient from them directly (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if the patient is unable to give us the information, or has given consent for someone else to do this for them);
- regulate access and correction;
- ensure appropriate storage and security;
- destroy or de-identify information not needed for the intended purpose as soon as we can;
- ensure all of our staff are aware of privacy expectations; and
- acknowledge that people with vision or hearing impairments, and culturally and linguistically diverse people, may require special consideration.

2.0 Collection

2.1 Types of Information Collected

We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the goods and services you are seeking, and to our functions and activities.

The kinds of information we typically collect depends on our relationship with you, but may include name, gender, date of birth, address, phone number, email address, and other information relevant to providing you with goods and services or reasonably necessary for one or more of our functions or activities.

Depending on our relationship with you, we may also typically collect:

- If you are a patient: health information about you (as that term is defined in the Privacy Act), as well as the name, contact details and address of your emergency contact/s.
- If you are an employee or preferred applicant: personal and emergency contact information, referee details and opinion, medical details, tax file number, proof of identity, superannuation details, criminal history, citizenship or residency status, employment and education history and training details.
- If you are a candidate seeking employment with us: employment history, references, résumé and qualifications.
- f you are a medical chest holder or medical chest nominated persons: personal contact information, proof of identity.
- If you are a volunteer or student: emergency contact information, proof of identity, criminal history, education history and medical details depending on the role.

- If you are a contractor or supplier: your personal and business contact details, name and type of business, ABN and payment details. Your emergency contact information, proof of identity, criminal history, education history and medical details depending on the role.
- If you are a supporter or donor: contact and financial information (such as credit card) this may also include your communication preferences, donation history, event participation, responses to surveys or campaigns, and digital interactions such as website usage or advertising engagement.
- If you attend an RFDSSE event or base: you may be filmed or photographed (including for official event documentation and for security CCTV purposes in external and public access areas)

The RFDSSE will not collect sensitive information about health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences, or criminal record unless a permitted health situation applies, or the individuals have consented to give this information and it is relevant to the work of the RFDSSE, or authorised by law.

2.2 Method of Collection

We will only collect information by lawful and fair means and generally collect information in different ways, including:

Paper or digital forms (such as our employment forms, donation forms),

Electronically in approved RFDSSE systems as well as over the internet (including where you participate in an online survey),

via email or

through other digital channels including but not limited to the Oceans to Outback App, social media or other mobile applications, through a telephone conversation with you or via a face-to-face interaction. We also collect information through digital advertising platforms such as Google, Meta, LinkedIn, third-party fundraising platforms and supporter engagement tools.

Personal information will generally always be collected directly from you. There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected. By way of example, if you are a patient we generally collect information from you directly (although we may also need to collect from a representative, referee or other agency like a hospital or medical service). Where collection directly from you would be impractical or unreasonable, or where you have given specific consent, personal information may be collected from third parties such as contractors, service providers, vendors, health professionals, government agencies, social and community workers, referees, family members or your representatives.

2.3 Purpose of Collection

The personal information that we collect and hold about you, depends on your interaction with us. Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and activities and for the purposes of:

providing health care services (where you are a patient);

responding to your enquiries;

communicating with you about our fundraising appeals, campaigns, events, volunteering or employment opportunities, health services, and merchandise. They may include tailored communications via mail, phone, email, SMS/MMS, social media, and digital advertising.; and

facilitating our internal business operations, including: establishing our relationship with you;

maintaining and managing our relationship with you and communicating with you in the ordinary course of that relationship (including responding to feedback or complaints);

the fulfilment of any legal requirements; and

analysing our business operations, services and customer needs with a view to developing new or improved business operations or services.

Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions (including for the provision of health services), as set out above.

2.4 Failure to Provide Information

If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you with the goods, services or information you. If you are a supporter or a donor and you choose not to provide your name or contact details, we will not be able to provide you with a tax invoice or share details about upcoming events, campaigns and opportunities.

2.5 Internet Users

If you access an RFDSSE website or app, we may collect additional personal information about you in the form of your IP address and domain name.

Links to external sites

Our website may contain links to other websites. We cannot control and are not responsible for the content or privacy practices of linked websites and linked websites are not subject to our privacy policies.

Social networking services

We use social networking services such as X (formerly Twitter), Facebook, Instagram, LinkedIn, TikTok and YouTube to communicate with the public about our work. When you communicate with us using these services, we may collect your personal information (including your name, handle/username and contact information) but we will only use it to help us to communicate with you. The social networking service will also handle your personal information for its own purposes in accordance with their own privacy policies and practices. We are not responsible for the privacy practices of social networking sites and social networking sites are not subject to our privacy policies and procedures.

Cookies

Our website uses cookies to track site visits and improve user experience. The main purpose of cookies is to identify users and to prepare customised web pages for them. Cookies do not identify you personally, but they may link back to a database record about you. We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively.

Our online credit card processor may also use cookies for identification and anti-fraud purposes. Cookies can be disabled but some site functions may become unavailable. Social media providers, including Facebook and Twitter, set cookies through our website which may enhance your profile on their website or contribute to the data they hold. We encourage you to read their privacy policies.

We may also use third-party tracking technologies (such as Meta Pixel, Google Ads Remarketing) to measure the effectiveness of our advertising campaigns and deliver targeted content. You can manage or opt out of these via your social media settings or browser.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the handling of data about you by Google in the manner and for the purposes set out above.

Payment security

We use third party credit card processors to facilitate credit card payments through our website and Point of Sale systems, including but not limited to Square, Stripe, Quest, Pay Pal and digital wallets. Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible. However, there are inherent risks associated with the transmission of information over the internet including by email or by facsimile. While all reasonable efforts are made to secure information transmitted to this website, there is always a possibility that the information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold us liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur.

3.0 Use and Disclosure

Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above), unless you consent to another use or disclosure, in an emergency or as otherwise required or authorised by law. We may use and disclose personal information about you:

to our employees, volunteers, contractors and consultants (workers), our affiliated organisations (such as the RFDS Section/Operation in your state or territory), and other parties who require the information to assist us with facilitating our internal business processes, providing you with information and services, and with establishing, maintaining, managing, or ending our relationship with you (including payment processors, insurers, IT and technology service providers, and professional advisers such as lawyers, accountants and auditors) and these service providers may not be required to comply with our privacy policy;

to third parties to whom you have agreed we may disclose your information (for example, your emergency contacts) or where the information was collected from you (or from a third party on your behalf) for the purpose of passing it on to the third party;

if you are a patient:

for the purpose of providing a health service to you;

to other health professional or health service providers to assist in your care;

where authorised or required by law (such as in connection with mandatory reporting of certain diseases, in the event of a permitted health situation as that term is defined in the Privacy Act, instances of abuse, under warrant or subpoena, or where reasonably necessary to prevent a serious or imminent threat to life, health safety or welfare of an individual or the broader public);

to our government funders;

for formal quality review processes in connection with our health care services;

we may also communicate with you after your service interaction for feedback on your experience to obtain testimonials or to see if you would like to stay up to date with our activities and services in your local area. We will ask for your consent for this to occur; and

for research, statistics and public health purposes, where data will be de-identified before publishing.

If you are an employee: to the Australian Taxation Office, and your superannuation fund;

If you are a supporter or a donor:

We may share information with you about upcoming events and other fundraising campaigns (including by mail, email, phone, SMS/MMS and other channels such as WhatsApp). You can opt out of receiving these communications at any time by clicking ‘unsubscribe’ in these digital communications or contacting our Supporter Care teams to make the request on 1300 669 569. We may disclose your personal information with trusted fundraising suppliers, such as mail houses, telemarketing agencies, face to face fundraising providers, or data analysis, strictly for the purpose of conducting fundraising campaigns on our behalf. All such providers are contractually bound to handle your information in accordance with privacy and data security standards.

From time to time, our supporter teams, Telemarketing and Face to Face agencies may contact our regular supporters directly to update or confirm their personal or credit card details. When we do this, we provide you with sufficient information from our existing database (including, where appropriate, the last four digits of your credit card) for you to be satisfied that the caller is our representative.

We are guided by the Fundraising Institute of Australia Code of Conduct in connection with the use or disclosure of any personal information collected about supporters and donors;

We are committed to ensuring your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

The Royal Flying Doctor Service (South Eastern Section) may capture photographs, video footage, and sound recordings at the following types of activities: Celebrations and events

Fundraising activities

Community events where RFDS has a presence

RFDS facilities (excluding private clinical areas)

Some content may be taken by staff while out in community settings, while other material is gathered as part of planned content collection to support policy discussions, fundraising, recruitment, and health promotion.

Inclusion in printed promotional materials such as reports, newsletters, posters, and leaflets

Digital formats including social media, e-newsletters, and the RFDS website

Presentations and collateral at private and public speaking events, community fairs, recruitment drives, schools, and universities

Internal staff platforms and educational resources, including online and in-person training

Distribution to media outlets for stories about the Royal Flying Doctor Service and its work

At celebrations and events, there is a reasonable expectation that photography or filming may occur. In all other settings, RFDSSE provides a Video Footage, Sound Recordings and Photos Release Form to individuals who may be featured in our content. This form outlines how the material may be used and provides individuals with a copy for their records, including instructions on how to withdraw consent at any time.

Content may be used for the following purposes:

Unless an image is captured for a specific story, RFDSSE will not publish an individual’s name alongside their image without express permission.

For photographs and video captured at clinics or on partner sites, RFDSSE works closely with stakeholders to provide sufficient notice and obtain permission to attend. Participation in any content gathering activity is entirely voluntary.

If you volunteer with the RFDSSE as a Clinic Coordinator, Medical Chest Custodian or as a registered airstrip owner that we can fly to in an emergency, we collect your information in order to communicate with you for educational and training purposes, to provide you with regulatory updates, urgent information about recalls or weather events that may impact your ability to work with the RFDSSE. It is expected that Clinic Coordinators, Medical Chest Custodians and registered airstrip owners will receive and read relevant communications. We will remove contact details should an individual cease to work as a volunteer with the RFDSSE.

If you have participated in a national RFDS campaign: to the RFDS Section/Operation in your state or territory, so that you can be kept informed about local RFDS activities, news and campaigns that are relevant to where you live. You can opt out of receiving these communications at any time by clicking ‘unsubscribe’ in digital communications or contacting our Supporter Care teams to make the request on 1300 669 569

If you have applied for an employment opportunity: we may use and hold your application details for a reasonable period of time in the event you may be suitable for similar opportunities that become available in the future. We will destroy any application, and no longer consider it as part of the recruitment pool, on written request from you; and

to any other entity as otherwise permitted or required by law.

Sensitive information (including health information) is only used and disclosed for the purposes for which it was collected, unless your further consent is obtained or otherwise as permitted or required by law.

We may anonymise or aggregate any of the information we collect and use it for any purpose detailed above, including for research and development purposes. Such information will not identify you individually.

4.0 Disclosure of Personal Information Overseas

We may be likely to disclose personal information about you overseas. For instance, we are assisted by a variety of external service providers to operate our business, some of whom may be located overseas or may use infrastructure outside of Australia. These third parties are too numerous to list, and they change from time to time. Some examples of the types of third parties include technology service providers who may be located in the United States of America, such as Google Analytics, Campaign Monitor, Shopify and HubSpot, unless:

For patients:

We will not disclosure your health information (as that term is defined in the Privacy Act) overseas without your consent.

For supporters and donors:

For some of our business functions, we are assisted by a variety of external service providers to operate our business, some of whom may be located overseas or may use infrastructure outside of Australia.

This may also include other third-party fundraising platforms and service providers, such as donor management systems, CRM providers, marketing automation tools, or payment gateways (including PayPal and digital wallets). These may be hosted or supported overseas.

These third parties are too numerous to list, and they change from time to time. Some examples of the types of third parties include technology service providers who may be located in the United States of America, such as Google Analytics, Campaign Monitor, Shopify, Stripe and HubSpot. For candidates or preferred applicants:

For some of our candidates or preferred applicants, who have resided overseas and require a criminal history check, we will apply for a global check for these individuals.

5.0 Security

We store your personal information in different ways, including in paper and in electronic form. The security of your personal information is important to us. We take all reasonable measures to ensure that your personal information is stored safely to protect it from interference, misuse, loss, unauthorised access, modification or disclosure, including:

limiting access to documents containing personal information to staff that require such access in order to fulfil the primary purpose for which the personal information was collected;

deploying a range of electronic (hardware and software) and physical security measures; and

training staff on how to securely store and protect personal information,

retaining personal information for the relevant period of time to meet our legal, compliance and policy requirements,

Disposing of information in a secure manner,

Keeping all paper patient records in secure storage,

All credit card transactions are processed in accordance with PCI DSS (Payment Card Industry Data Security Standard) requirements.

6.0 Access and Correction

You may access the personal information we hold about you, upon making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for processing your request (but not for making the request for access).

We may decline a request for access to personal information if we are unable to confirm your identity or otherwise circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. Personal information will not be provided over the phone unless we are certain that the enquirer is the individual to whom the personal information relates, or their legal or nominated representative.

If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.

If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.

7.0 Data Deletion

We are committed to ensuring your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. While we will consider requests for deletion, there is currently no right to delete or erase of personal information and sensitive information in the Privacy Act. To request deletion of your personal information, please contact us using the details provided in the Contact Us section of this policy. We will take reasonable steps to review the deletion request however due to our legal obligations to retain personal information, we may not be able to delete your personal information.

Please note that in some cases, deletion may result in the loss of access to certain services or communications (e.g., donation receipts, newsletters, or event participation).

8.0 Complaints and Feedback

If you have any comments, concerns or wish to make a complaint about a breach of the Privacy Act, the APPs or a privacy code that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you.

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Australian Information Commissioner. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.

To contact the OAIC
Address: GPO Box 5288
Sydney NSW 2001
Phone: 1300 363 992
Email: enquires@oaic.gov.au
Website: www.oaic.gov.au

If you have any queries or concerns about our privacy policy or the way we handle your personal information, please contact our privacy officer at:

Postal address:
GPO Box 3537, Sydney NSW 2001
Email address:
privacy.officer@rfdsse.org.au

Telephone:
02 9941 8859
1300 669 569
Website:
https://www.flyingdoctor.org.a...

For more information about privacy in general, you can visit the Office of the Information Commissioner’s website at www.oaic.gov.au.