Ovarian Cancer Australia Limited (OCA) respects and is committed to protecting your privacy. OCA is required to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles contained in the Act, as well as applicable State and Territory based health records legislation.
This policy sets out how OCA collects, holds, uses, discloses and keeps your information secure and correct, how to request access to and collection of the personal information we hold about you and how to complain. This policy does not apply to the personal information of our employees.
What is personal information?
Personal information is any information or opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not.
Sensitive information is a subset of personal information which includes information about your health, your membership of professional association, religious affiliations or beliefs, criminal record and racial or ethnic origin.
Because of the nature of our organisation and the support services that we provide, the personal information we collect may include your health or other sensitive information.
What personal information do we collect?
The personal information we collect about you depends on your relationship with us and the nature of any support services that we are providing to you.
Donors and supporters
We may collect the following personal information about you if you are a donor or supporter:
your name and contact details (including email, telephone/mobile number and address);
payment information such as payment method (e.g. cheque, cash, credit card). For transactions made through Eway save: credit card type, first and last 4 digits of the credit card number and expiry date;
amount of your donation(s);
date of donation(s) and any campaign they relate to; and
details of any previous donations.
We may collect your personal information from you directly, or from third parties such as GoodCompany, Everyday Hero and GoFundraise, if you register with them to raise money for OCA.
Job applicants and volunteers
Depending on whether you are a volunteer or a job applicant, we may collect the following personal information about you:
your name, contact details and emergency contacts;
your qualifications and skills, past employment history, memberships of professional associations and details of referees;
details of your previous volunteer work with us; and
a police or working with children check which is required for some employee and volunteer positions.
Those we support
Depending on the nature of the support we are providing to you, we may collect the following personal information about you:
your name and contact details; and
details of your condition, including the type and stage of cancer, when you were diagnosed, where and how you are being treated and your family history.
Users of Ovarian Cancer Australia Connect and Online Forum
If you use our online forum, Ovarian Cancer Australia Connect, we may collect the following personal information about you:
name and contact details;
date of birth
posts you make (including any replies);
Depending on the nature of our interactions with you, we may collect the following personal information about you:
name and contact details;
date and stage of diagnosis;
health professional details;
details of the nature of your relationship with OCA; and
details of your enquiry or complaint.
Dealing with us anonymously or using a pseudonym
You may deal with us anonymously or use a pseudonym, wherever it is lawful and practical to do so. Donors can choose to make donations anonymously, however if paying by credit card we will need to collect some personal information in order to be able to process your donation
Website and cookies policy
How do we use and disclose your personal information?
How we use and disclose your personal information also depends on your relationship with us and the nature of any support services that we are providing to you.
Donors and supporters
We use your personal information for the purposes of processing your donation, financial reporting, and contacting you about our activities and events if you have asked us to. If you have chosen to make a public donation, then we may disclose your name and the amount of the donation on our website for as long as the fundraising campaign continues (variable by campaign). If you do not wish to have your information displayed, you can opt to make an anonymous donation.
Job applicants and volunteers
We use your personal information to process your job or volunteer application, and if you are a volunteer, for management and HR purposes. We do not disclose your personal information to any third parties without your consent.
Those we support
We use your personal information to provide you with our services as a person affected by cancer and ensure the consistent provision of support services. We do not disclose your personal information to any third parties. Patient information is never distributed. Please be aware when using the forum that the user name and profile picture and any posts you make will be visible to the general public (with replies etc. only possible for registered users). Should you wish to protect your identity please choose a username and profile picture which does not reveal your identity and be aware when posting that your posts will be viewable to the public.
Depending on the nature of your relationship with us, we may use your personal information to respond to your enquiry or complaint, provide you with our publications, send you surveys or contact you with information regarding our activities and events or services. We may also disclose your personal information where required or authorised by or under an Australian law, or court or tribunal order, or where otherwise legally permitted.
If you have asked to receive information from us about our activities and events, we may contact you via post, phone and/or email. You can opt-out of receiving such communications from us at any time by contacting us on 1300 660 334 / email@example.com or by going to the ‘Contact Us’ section of the OCA website.
How do we store your personal information and keep it secure?
We understand the importance of the personal information that we hold and we take reasonable steps to protect that personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information may be stored in hard copy documents held in locked filing cabinets on our premises, or in electronic format on cloud based database hosted in Australia. Access is restricted to those within our organisation who require it in order to carry out their role with OCA.
If a data breach occurs that involves unauthorised access to, unauthorised disclosure of, or loss of, personal information we hold, and this is likely to result in serious harm to any of the individuals about whom the information relates, we will comply with the data breach notification scheme in the Privacy Act. Depending on the circumstances (including whether we are able to take remedial action to prevent any serious harm), this may include notification to the Office of the Australian Information Commissioner, affected individuals and/or publication of a statement on our website.
If the information that we hold about you forms part of a health or medical record that we hold as your support service provider, that information will be held for a period of at least seven (7) years from the last time we provided you with a health service, in accordance with the Victorian Health Records Act 2001 or other applicable laws. If the health record is that of someone under the age of 18, that information will be held at least until that person turns 25.
How can you access your personal information?
You have a right to access the personal information OCA holds about you subject to certain exceptions. If you would like to request access, please contact us on the details below. We will need to verify your identity before we can provide you with access. Access will be granted, except in circumstances set out in the Privacy Act and other applicable laws, such as if providing you with access would unreasonably impact on the privacy of others or if we are required or authorised by law to deny access. If we refuse your request, we will give you written notice of our decision, including our reasons (unless providing reasons would have an unreasonable impact on us or third parties) and how to complain if you are not satisfied with our decision.
Quality and Correction of personal information
OCA takes reasonable steps to ensure that the personal information it collects about you is accurate, up-to-date and complete, and also when using and disclosing it, that it is relevant for the purposes of the use or disclosure. If we are satisfied that any of the information should be corrected we will also take reasonable steps to correct that information. If you believe that the personal information that OCA holds about you is inaccurate, incomplete, out-of-date, irrelevant or misleading, please let us know by contacting us on the details below. If we do not agree that your information needs correcting, we will give you written notice of our decision, including our reasons (unless providing reasons would have an unreasonable impact on us or third parties) and how to complain if you are not satisfied with our decision. You can also ask us to associate a statement with the personal information which explains that you believe it is incorrect. You will not be charged for making a correction request or requesting us to associate a statement with your information.
Privacy Queries and Complaints
The Privacy Officer
Ovarian Cancer Australia
Level 1, 210 Lonsdale Street
Melbourne VIC 3000
Phone: (03) 9289 9777
We will investigate and respond to your complaint within a reasonable period, generally within 30 days. We may need to request more information from you and we may propose a resolution to your complaint. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (www.oaic.gov.au) or the regulator of health records legislation in your jurisdiction. In Victoria this is the Health Complaints Commissioner (https://hcc.vic.gov.au/).
Last updated: July 2020