HeartKids respects your privacy and is committed to comply with the Australian Privacy Principles.  The Australian Privacy Principles are contained in the Privacy Act 1998 (Cth), which regulate how organisations handle personal information.

This privacy policy will answer your questions about the type of information collects and how HeartKids manages and protects it.

If you have any further queries or wish to receive more information on our in relation to HeartKids information practices and privacy policy, please contact the Privacy Officer on (02) 9460 7450.

What is Personal Information?

‘Personal information’ is any information, or an opinion, which can identify a person and may include a person’s name, address, telephone number, email address and profession/occupation.  If the information we collect personally identifies you or you are reasonable identified from it, the information will be considered personal information.

‘Sensitive information’ is a subset of personal information and includes a person’s race or ethnic origin, political opinions, religious beliefs or associations, philosophical beliefs, memberships, sexual orientation or health, genetic or biometric information.

‘Health information’ is sensitive personal information which includes information about a person’s health, disability, and use of health services. Sometimes, details about a person’s health or medical history can identify them.

What types of personal information HeartKids collect?

HeartKids may collect the following types of personal information about you or members of your family:

  • contact details (including name mailing or street address, email address, telephone number and fax number)
  • personal details (including age or date of birth, gender)
  • information on personal issues and experiences, relationships
  • family background, supports you or a family member may have in the community
  • health information and/ or medical history
  • profession, occupation or job title
  • credit card details or bank account details
  • details of the products or services you have enquired about, accessed or purchased
  • any additional information relating to you that you provide to us directly through our websites or indirectly through use of our website or online presence, through our representatives or otherwise
  • information you provide to our offices through surveys or communication with our representatives

HeartKids will always collect personal information in a lawful and fair manner.

How does HeartKids collect personal information?

HeartKids may collect personal information from you when:

  • You complete a form or an application online or in hard copy
  • You contact us via email or phone
  • You respond to HeartKids fundraising mail or phone call
  • You attend a HeartKids event

We may also collect your personal information from publicly available sources, such as the telephone directory.

Website usage and cookies

When you access and use our website, we may use software embedded in our website (such as JavaScript) and cookies (which are small summary files containing a unique ID number) to track the navigation and/or track items added to the e-commerce facility when you make an online donation to HeartKids or purchase a HeartKids product. Our third party credit card transaction processor, eWay uses cookies for transaction integrity and anti-fraud purposes.

A cookie does not identify an individual personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

We may log your IP addresses, that is, the electronic addresses of computers connected to the internet, to analyse trends, administer the website, track user’s movements and gather broad demographic information. This information does not identify you personally.

Privacy when you are using UpBeat

UpBeat is the teen transition smartphone application (app) developed by HeartKids.

All information in UpBeat is stored locally on your phone, rather than on an external server. This means that HeartKids (or any other third party) does not store, and cannot access, any of the information or documents you upload to UpBeat.

As your information and documents are stored locally on your phone, protecting your privacy is mainly about keeping your phone secure. If you don’t want anyone to see the information you have stored on UpBeat, ensure you are using adequate security settings on your phone or device. This could be a passcode, fingerprint or face identification login.

When you first get started on UpBeat, you’ll be asked for a name and date of birth. UpBeat asks for a name so that it knows what to call you while you are using the app. This information is used to personalise your experience on UpBeat. HeartKids does not store this information or use it for other purposes.

Some content in UpBeat is hosted on the HeartKids website. When you select these features in UpBeat, you will be taken off the app and to the HeartKids website. When you are on the HeartKids website, the privacy features are different. See the section above this one, ‘Website usage and cookies’, for more information about privacy on the HeartKids website.

Why do we collect personal information and how we may use it?

HeartKids only collects personal information to the extent necessary to enable us to carry out our activities and functions.

We collect, hold and disclose your personal information for the following purposes:

  • To provide services, events or information to you
  • To let you know about our events and programs
  • To answer your enquiries or provide you with advice or send you information on childhood heart disease
  • To provide you with access to protected areas of our website and/or to assess the performance of the website and to improve the operations of the website
  • To update our records and keep your contact details up to date
  • For the administrative, planning, product or service development, quality control and research purposes of HeartKids
  • To process and respond to any complaint made by you
  • To conduct business processing functions, including providing personal information to our related bodies corporate, contractors, service providers, or other third parties
  • To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
Marketing communications

Where we use your personal information to send you marketing and promotional information by post, email telephone or SMS, we will provide you with an opportunity to opt out of receiving such information in the future. You may also contact us to remove any previous consent you provided to receive marketing communications from us. By electing not to opt out, or contact us to withdraw your consent, we will assume that we have your consent to receive marketing communications in the future.

If you do not wish to receive marketing communications from us, please contact us on (02) 9460 7450 or email

What happens if you choose not to provide some personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

  • We may not be able to provide you with information about events, services or products that you may want
  • We may not be able to provide the requested services, events or products to you, either to the same standard or at all
  • We may not be unable to tailor the content of our website to your preferences

Where practical, you will be given the opportunity to engage with us on an anonymous basis, or using a pseudonym.

To whom do we disclose your personal information?

HeartKids may disclose your personal information to:

  • HeartKids: to provide you with requested services, events or products or to provide you with information about their services, events or products
  • External support services: to volunteers, health care professional, counsellors, funders, or other service providers, for the purpose of conducting our business, providing services or events to you or fulfilling requests made by you
  • Contractors, suppliers and other third parties: with whom we have commercial relationships, for business, marketing, and related purposes

Where HeartKids does disclose your personal information it will take steps to ensure that the third parties:

  • comply with the Australian Privacy Principles when they handle your personal information; or
  • are authorised only to use your personal information in order to provide the services or to perform the function required of HeartKids.

We will not disclose your personal information for any other purpose unless we have your consent, you would reasonable expect us to disclose your personal information for that purpose or it is permitted by law.

Disclosure overseas

HeartKids may disclose personal information to third party suppliers and service providers located overseas for some of the purposes listed above. HeartKids takes reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. We may disclose your personal information to entities located outside of Australia such as data hosting providers, IT administrators, cloud based information technology service providers and other information technology service providers.

Is your personal information stored safely?

HeartKids take reasonable steps to ensure your personal information is protected from misuse or loss and from unauthorised access, modification or disclosure. We may hold your information either in electronic or hardcopy form.

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while be transmitted over the internet. Accordingly, any personal information or other information you transmit to us online is transmitted at your own risk.

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

How do I access, correct or update my personal information?

You may request access to any personal information we hold about you at any time by contacting us by mail, email or phone. Please see the details listed in the ‘contact us’ section below. We will deal with your request to provide access to your personal information within a reasonable time.

Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that personal information we hold about you is out of date, incomplete or inaccurate, then HeartKids will take reasonable steps to correct its records. There may be instances where we are unable to correct the personal information. If that happens we will give you written reasons for the refusal.

How do I complain?

If you would like to make a complaint regarding our privacy practices or the manner in which we handles your personal information please contact our Privacy Officer on (02) 9460 7450 or email

We will contact you within a reasonable time after receipt of your request or complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

If you are dissatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner at

How are Identifiable data breaches handled?

As of 22 February 2018, Notifiable Data Breaches Scheme introduces an obligation to notify individuals whose personal information is involved in data breach that is likely to result in serious harm.

As part of the process, this notification will include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches.

For assessment about which data breaches require notification and How to notify AOIC, HeartKids will follow the recommended process provided by the below link .CEO will make this assessment as required by the regulation.

Contacting Us

If you have any questions about this privacy policy, please contact us using the details below:

Postal Address:
Privacy Officer
PO Box 2037,

North Parramatta NSW 1750

(02) 9460 7450


Changes to our Privacy Policy

HeartKids may change or modify its privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.

We use cookies to improve your experience of using this website. By continuing to use this website you have consented to using cookies placed on your computer. To find out more please refer to our Privacy Policy.

This will close in 0 seconds