Search
_
Shop
Contact Us
Donate

Home > Privacy

Introduction | Data security and privacy | Privacy collection statement  | Privacy notice | Contacting us

Privacy Notice

Introduction

HeartKids respects your privacy and is committed to complying with the Australian Privacy Principles. The Australian Privacy Principles are contained in the Privacy Act 1998 (Cth), which regulate how organisations handle personal information.

This privacy notice will answer your questions about the type of information HeartKids collects and how we manage and protect it.

If you have any queries or wish to receive more information on HeartKids information practices, please contact the Privacy Officer on 1800 432 785.

What is Personal Information and Personal Data?

‘Personal Information’ means any information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.

‘Personal data’ means any information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in material form or not, relating to: (i) an identified or identifiable or apparent or reasonably ascertainable natural person or (ii) an identified or identifiable legal entity (in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or otherwise where such information is protected similarly as Personal Data or personally identifiable information or personal information under applicable Data Protection Laws and Regulations). This includes Personal Information.

‘Sensitive Personal Data’ is a subset of personal data and includes a person’s race or ethnic origin, political opinions, religious beliefs or associations, philosophical beliefs, memberships, sexual orientation or health, genetic or biometric information.

‘Health Data’ means Personal Data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status, and (if relevant) any information which is “health information” (as that term is defined in the Privacy Act).

What types of personal data does HeartKids collect?

HeartKids may collect the following types of personal information about you or members of your family:

  • personal contact information such as name, mobile device number, residential address, email address and encrypted password;
  • donor information such as name, phone number, address, email address, and payment details;

  • consumer and family information such as name, age, medical condition, support history, and Health Information (with consent);
    photographs and images;

  • contact preferences and campaign participation details for media and direct marketing activities.

  • employment and engagement details including employer/engager name, job title and function, identity and contact details;

  • geolocation data, unique IDs collected from mobile devices, network carriers or data providers; and

  • Biometric Data, authentication data, financial and payment information and such other information necessary or convenient for delivering or in connection with our Services.

For more detail on this data collection, review the full Privacy Notice available here

How does HeartKids collect personal information?

HeartKids may collect personal information from you when:

  • when you complete an application, consent, purchase, account sign-up or similar form via the HeartKids Platform or otherwise;

  • when you use the HeartKids Platform, the HeartKids Service or the HeartKids App;

  • when you contact us to submit a query or request;

  • when you post information or otherwise interact with the HeartKids Platform;

  • from you when you participate in one of our surveys;

  • from you when you request a call back from us;

  • from those who request our Services on your behalf;

  • from publicly available sources of information;

  • from you when you subscribe to a marketing list;

  • from you when you request further information from us;

  • from you at a conference or event;

  • from you or a relevant Customer when we enter into a Customer Agreement for the provision of Services;

  • from government regulators, law enforcement agencies and other government entities;

  • from business contacts, external service providers and suppliers; or by other means reasonably necessary.

Website usage and cookies

When you access and use our website, we may use software embedded in our website (such as JavaScript) and cookies (which are small summary files containing a unique ID number) to track the navigation and/or track items added to the e-commerce facility when you make an online donation to HeartKids or purchase a HeartKids product. Our third party credit card transaction processor, eWay uses cookies for transaction integrity and anti-fraud purposes.

A cookie does not identify an individual personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

We may log your IP addresses, that is, the electronic addresses of computers connected to the internet, to analyse trends, administer the website, track user’s movements and gather broad demographic information. This information does not identify you personally.

Privacy when you are using UpBeat

UpBeat is the teen transition smartphone application (app) developed by HeartKids.

All information in UpBeat is stored locally on your phone, rather than on an external server. This means that HeartKids (or any other third party) does not store, and cannot access, any of the information or documents you upload to UpBeat.

As your information and documents are stored locally on your phone, protecting your privacy is mainly about keeping your phone secure. If you don’t want anyone to see the information you have stored on UpBeat, ensure you are using adequate security settings on your phone or device. This could be a passcode, fingerprint or face identification login.

When you first get started on UpBeat, you’ll be asked for a name and date of birth. UpBeat asks for a name so that it knows what to call you while you are using the app. This information is used to personalise your experience on UpBeat. HeartKids does not store this information or use it for other purposes.

Some content in UpBeat is hosted on the HeartKids website. When you select these features in UpBeat, you will be taken off the app and to the HeartKids website. When you are on the HeartKids website, the privacy features are different. See the section above this one, ‘Website usage and cookies’, for more information about privacy on the HeartKids website.

Why do we collect personal information and how we may use it?

HeartKids collects personal information from a range of individuals including donors, supporters, volunteers, families, and consumers of our services.

This information is collected for purposes such as facilitating support programs, fundraising, communication, media and direct marketing, event management, and general business operations. We will only collect personal information where it is reasonably necessary for our functions or activities, or as otherwise required or authorised by law.

    Marketing communications

    Where we use your personal information to send you marketing and promotional information by post, email telephone or SMS, we will provide you with an opportunity to opt out of receiving such information in the future. You may also contact us to remove any previous consent you provided to receive marketing communications from us. By electing not to opt out, or contact us to withdraw your consent, we will assume that we have your consent to receive marketing communications in the future.

    If you do not wish to receive marketing communications from us, please contact us on 1800 432 785 or email office@heartkids.org.au.

    What happens if you choose not to provide some personal information?

    If you do not provide us with the personal information described above, some or all of the following may happen:

    • We may not be able to provide you with information about events, services or products that you may want
    • We may not be able to provide the requested services, events or products to you, either to the same standard or at all
    • We may not be unable to tailor the content of our website to your preferences

    Where practical, you will be given the opportunity to engage with us on an anonymous basis, or using a pseudonym.

    To whom do we disclose your personal information?
    We may disclose Personal Data and you expressly consent to us disclosing, for the purpose of use or other Processing, such Personal Data to:
    • 6.1.1 Third Parties engaged by us to perform functions related to the UpBeat App, the HeartKids Platform or the HeartKids Service;
    • 6.1.2 Third Party Service Providers who perform functions or provide Services on our behalf;
    • 6.1.3 relevant regulatory bodies in the industry in which we or you operate;
    • 6.1.4 our professional advisors, including our accountants, auditors and lawyers;
    • 6.1.5 our Related Bodies Corporate;
    • 6.1.6 a relevant person entitled to use or enjoying rights concerning the HeartKids Service;
    • 6.1.7 persons authorised by you to receive Personal Data or other data held by us;
    • 6.1.8 persons authorised by you to receive information held by us;
    • 6.1.9 a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law;
    • 6.1.10 a party to a transaction involving the sale of all or any part of the HeartKids business or any other part of our business or our assets or a sale of new or existing securities in HeartKids; and
    • 6.1.11 any other persons as required or permitted by any law.

    Clauses 6.1.1 to 6.1.10 do not apply to Sensitive Personal Data.

    Disclosure overseas

    We may in some circumstances send your Personal Data to overseas recipients to enable us to provide our Services to you or as contemplated by clause 6.1 or to facilitate or ameliorate the provision of our Services to you or a Customer. This may be for the purposes of disclosure but commonly will be for the purposes of use or Processing (i.e. without releasing the subsequent handling of Personal Data from our effective control).

    Is your personal information stored safely?

    In relation to all Personal Data, we will take all reasonable steps to:

    • ensure that the Personal Data we collect is accurate, up to date and complete;
    • ensure that the Personal Data we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
    • protect Personal Data from misuse, loss or unauthorised access and disclosure.

    Security: We store your Personal Data on a secure server behind a firewall and use security software to protect your Personal Data from unauthorised access, destruction, use, modification or disclosure. Only Authorised Personnel may access your Personal Data for the purposes of disclosure set out in clause 6 above. 

    Obligation to notify: Please contact us immediately if you become aware of or suspect any misuse or loss of your Personal Data.

    Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

    How do I access, correct or update my personal information?

    You may request access to any personal information we hold about you at any time by contacting us by mail, email or phone.

    If you require access to your Personal Data, please contact us using our contact details indicated below. You may be required to put your request in writing and provide proof of identity.

    We will deal with your request to provide access to your personal information within a reasonable time. HeartKids is not obliged to allow access to your personal data subject to the details listed under Section 7 of the HeartKids Privacy Notice available here. 

    We request that you keep your Personal Data as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can contact us using our contact details set out at clause 11 and we will correct or update your Personal Data.

    How do I complain?

    If you have a complaint about how we collect, use, disclose, manage, otherwise Process or protect your Personal Data, or consider that we have breached applicable Data Protection Laws and Regulations or the APPs, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving it.

    If you would like to make a complaint regarding our privacy practices or the manner in which we handles your personal information please contact our Privacy Officer on 1800 432 785 or email office@heartkids.org.au.

    If you are dissatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner at www.oaic.gov.au.

    How are Identifiable data breaches handled?

    We are required to comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

    Investigation and assessment: If we become aware that a Data Breach in respect of Personal Data held by us may have occurred, we will:

    • investigate the circumstances surrounding the potential Data Breach to determine whether a Data Breach has occurred; and
    • if a Data Breach has occurred, carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.

    Please refer to section 9 of the HeartKids Privacy Notice for further details on response to identifiable data breaches.

    Changes to our Privacy Policy

    HeartKids may change, vary or modify all or part of this Privacy Notice at any time in our sole discretion.

    • It is your responsibility to check this Privacy Notice periodically for changes. If we issue a new Privacy Notice:
    • we will post the new Privacy Notice on the Platform; and
    • it will then apply to you through your acceptance of it by subsequent or continued use of the Platform and/or by being a Customer acquiring relevant goods and/or services from us or otherwise in respect of your relationship and dealings with us.
    Privacy collection statement – HeartKids services and your data

    HeartKids Limited (ABN: 22 613 854 336) (HeartKids) collects, stores, uses, and discloses your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), our internal Data Governance Framework, Privacy Policy and Collection Notice. We may collect information directly from you or from third parties with your consent, for purposes including service delivery, stakeholder engagement, fundraising, and operational management.

    HeartKids may also collect video, photo, or audio recordings during events or fundraising events. Where HeartKids have direct contact with individuals for the purpose of resource development, a consent form will be completed, uploaded to the contact record and preferences recorded.

    HeartKids may also collect audio, video, and images of you while in attendance at a public event, during the course of activities. These images may be used for generalised promotional materials related to the event. Please contact our Privacy Officer for more information should you identify images or video you would like removed. In instances where HeartKids is capturing video or photographic at public events, signage will be displayed to advise that filming will be taking place.

    Your data may be shared with third-party providers who assist us with IT systems, CRM, or payment processing – always under strict confidentiality and data security requirements.

    You have the right to access, correct, or request deletion of your information where appropriate. Requests will be managed in line with our Data Information, Management and Retention Policy and legal obligations (e.g., record-keeping for financial and health information).

    We are committed to cultural safety and best practice in handling data from Aboriginal and Torres Strait Islander peoples and follow the First Nations Data Governance Framework.

    For more information, please contact the HeartKids Privacy Officer at office@heartkids.org.au or phone (02) 9460 7450.

    Privacy collection statement – events, newsletters and sign-ups

    HeartKids Limited (ABN: 22 613 854 336) (HeartKids) collects your personal information to provide services, communicate with you, process donations, manage events, and meet our legal obligations in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), our internal Data Governance Framework, Privacy Policy and Collection Notice.

    HeartKids may also collect audio, video, and images of you while in attendance at a public event, during the course of activities. These images may be used for generalised promotional materials related to the event. Please contact our Privacy Officer for more information should you identify images or video you would like removed. In instances where HeartKids is capturing video or photographic at public events, signage will be displayed to advise that filming will be taking place.

    We respect your privacy and manage your data in accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). For more details on how we handle your personal information, including how to access or correct your data, or to make a complaint, please refer to our complete Privacy Notice or contact us at office@heartkids.org.au.

    Contacting Us

    If you have any questions about this privacy policy, please contact us using the details below:

    Postal Address:
    Privacy Officer
    HeartKids
    PO Box 2037,

    North Parramatta NSW 1750

    Phone:
    1800 432 785

    Email:
    office@heartkids.org.au

    This will close in 0 seconds