Asthma WA will endeavour to handle your personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles which sets out the way organisations can collect, use, disclose and provide access to Personal and Sensitive Information.
Privacy Act 1988
Australian Privacy Principles 2014 (APP)
Spam Act 2003
What is personal information?
The Privacy Act defines ‘personal information’ as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not; and
- Whether the information or opinion is recorded in a material form or not.
Types of information
Asthma WA collects your Personal and Sensitive Information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities or if one of the other exceptions applies under the APPs.
We may collect Personal Information about you, including the following which may not all be relevant to you depending on the services you access:
- Your full name and contact details, gender and date of birth
- Medicare or Department of Veterans’ Affairs number
- Country of birth
- Details of your parent or carer and details of your medical practitioner
- Payment and purchasing details (where you make payments or donations to us)
- Professional and/or education details
- Any other information you provide to us
We may also collect Sensitive Information about you, such as:
- Whether you are of Aboriginal or Torres Strait Islander origin
- Language and cultural diversity information
- Respiratory condition details
- Disability status
- Health and lifestyle information you provide us during the provision of Asthma WA services
- Medical history including medications you have been prescribed
- Health information such as height, weight, daily physical activities, nutrition and lifestyle choices
- Diagnosis and treatment information
- Any other information you provide to us
Collection of Information
We only collect your information by lawful and fair means. We will always collect Personal Information from you directly unless it is unreasonable or impractical for us to do so. When a person with asthma is under 15 years old or lacks the mental capacity and legal competence to make decisions, the person’s primary carer or guardian must consent to the collection of the person’s information.
We collect personal information from people who are connected to our operations including recipients of support services, donors, supporters, employees, volunteers, health professionals, service providers and suppliers.
We collect personal information in a few different ways, including:
- Forms you provide to us
- Electronically, such as through our website
- Phone calls
- Information you provide while visiting us or participating in programs or services provided by us
- Other correspondence, such as email and mail.
We also obtain personal information from third parties such as health professionals. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.
Use of your information
Asthma WA may collect your personal information for several purposes, including:
- To provide you with information and support services
- To provide you with information about asthma risk factors, such as high pollen count / pollution days and linked conditions
- To communicate with you about donations, fundraising, products, services, campaigns and events
- To participate in research projects
- To provide you with information about volunteering and advocacy
- To verify your identity
- To improve and evaluate our programs and services
Where Asthma WA collects your personal information for a specific purpose not outlined above, we will provide you with a collection notice which explains the primary purpose and any related secondary purposes for which we are collecting your personal information.
From time-to-time, Asthma WA will provide statistical information to the Western Australian Department of Health, or other organisations that provide funding to Asthma WA. This information is statistical information and does not identify individuals.
We do not currently disclose your Personal Information to overseas parties. If your Personal Information is transferred overseas, we will comply with our obligations under the APPs.
Disclosure of your information
Asthma WA will only transfer your Personal Information to third parties in the following circumstances:
- Where you have consented to the disclosure
- To health care professionals and service providers
- To contractors who perform services on our behalf, such as mailing houses, printers, information technology services providers, database contractors
- To researchers who conduct research studies to the causes, diagnosis, treatment and cures of asthma and COPD.
- Program evaluators, in line with program requirements or needs.
- Government agencies including enforcement agencies where a statutory requirement to report certain matters arises during the collection of personal information.
It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a pseudonym when interacting with us. You can remain anonymous when using some parts of our Websites. However, it may be necessary for us to collect your Personal or Sensitive Information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
Sensitive and Health information
As part of administering our services, Asthma WA may collect health information and other sensitive information from you. This may include medical history and treatment notes. Asthma WA will limit the collection of sensitive information to the minimum amount required to perform our services.
If we collect health information from a third party (for example a doctor or specialist health provider) Asthma WA will let you know that this information has been collected and we will explain how the information will be used and disclosed.
If Asthma WA wishes to use health information provided by you for research or statistical purposes, this information will be de-identified unless you have given your consent for us to identify you.
Asthma WA may collect your health information for several purposes, including:
- To provide services or to carry out Asthma WA functions;
- To assist Asthma WA and its employees, volunteers and subcontractors to fulfil its duty of care to our service users;
- To comply with Department of Health and other funding bodies reporting requirements; and
To investigate incidents with relation to service users and/or defend any legal claims against the service, or its employees
Security of your information
We take appropriate steps to protect your Personal and Sensitive Information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.
Your personal information will be stored on a password protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.
Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years.
Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Website usage information and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
We use Google Analytics features based on Remarketing, Google Analytics Demographics, and Interest Reporting. These features use first-party and third-party cookies to inform and optimise content based on your past visits to our site.
We also use pixel tracking, which indicates when your computer has visited pages on our websites where a pixel has been installed. As with cookies, this does not identify you personally, only the device you are using.
Google Analytics informs us of how visitors use our site based on your browsing habits, so that we can improve our site to make it easier for you to find the information you are seeking. Google also receives this information as you browse our site and other websites on the Google Display Network using Remarketing.
If you would like to opt-out of customised Google Display Network services and Google Analytics for Display Advertising you can use Ad Settings. You can also use the Google Analytics Optout Browser Addon so you are not tracked into Google Analytics.
Links to other sites
Accessing and Correcting information
We will take reasonable steps to ensure that all Personal Information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading. We will correct any Personal Information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading.
You may request to access or correct your Personal Information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
We are not responsible for any problems that may arise if you do not give us accurate, truthful or complete information or if you fail to update such information. We will reject and delete any entry that we believe in good faith to be false, fraudulent or inconsistent with these terms and conditions.
If you wish to amend any of your details or the information you have provided to us please contact us using the details on the Websites. If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
Direct communication and promotional materials
Where Asthma WA uses your personal information to send you marketing and promotional information by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information. By electing not to opt-out, Asthma WA will assume we have your implied consent to receive similar information and communications in the future. Asthma WA will always ensure that our opt-out notices are clear and easy to find.
If you do not wish to receive direct marketing communications from Asthma WA, please email firstname.lastname@example.org or phone 08 9289 3600
It is our policy that all electronic communications will include an unsubscribe facility. The Spam Act prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes.
Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Asthma WA do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association. See www.adma.com.au/comply/code-of-practice/ for further information.
Your direct debit or credit cards
Asthma WA uses Secure Socket Layer (SSL) certificates which is the industry standard for encrypting your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.
Asthma WA is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our alignment with this standard is reflected in the people, technologies and processes we employ.
Notifiable Data Breaches
The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Asthma WA to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Asthma WA will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See www.oaic.gov.au/ for further information
Complaints and Enquiries
Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time (usually within 30 days).
If you are dissatisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au).
PO Box 864, West Perth WA 6872
Phone: 08 9289 3600
Approved: December 2022