Privacy Policy of the TLR Foundation

Our Privacy Commitment

Protecting your privacy is a priority at The TLR Foundation ABN 62 622 437 254 (referred to as “TLR”, “we”, “us” and “our”) and we will endeavour to handle your personal or sensitive information in accordance with our Privacy Policy and the Australian Privacy Principles.

Our Privacy Policy lets you know how we handle your personal information. We may revise this Privacy Policy from time to time by updating this page. The revised Privacy Policy will take effect when it is posted on our website.

What is personal information?

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

The types of personal information we collect may include your name, date of birth, gender, contact information, credit/debit card information, health information and other information about your history with, or relationship to donating bone marrow/stem cells or with a type of disease treatable by a bone marrow/stem cell transplant.

Whose personal information do we collect?

We collect personal information from people who are connected to our operations and activities. These include employees, donors, research study participants, recipients of support services, participants in advocacy campaigns or health promotion projects, health professionals, suppliers, volunteers and service providers.

How do we collect your personal information?

In most instances, we will collect your personal information directly from you. This may be in person, by phone, via mail, or online.

We also obtain personal information from third parties such as fundraising service providers, vendors, health professionals, social and community workers. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.

Why do we collect your personal information?

We may collect your personal information for a number of purposes, including:

  • Marketing: to communicate with you about donations, products, services, campaigns, causes and events
  • Support services: to provide you with information and support services, and to evaluate and report on these services. This may also include a newsletter
  • Research: to conduct and/or fund research into the causes of Graft vs Host Disease (GvHD), as well as diagnosis, treatment and cures, improvement in quality of life, and other research news
  • Health promotion: to provide you with information about donating bone marrow/stem cells and the care given by nurses, and to seek your support for campaigns
  • Volunteering and other support: to enable you to assist us with volunteering, community fundraising, advocacy and other activities where community assistance is required
  • Other issues: communicating with you in relation to our operations, activities and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.

Where we collect your personal information for a specific purpose not outlined above, we will provide you with a collection notice which explains the primary purpose and any related secondary purposes for which we are collecting your personal information.

Health information and other sensitive information

As part of administering our services, we may collect health information and other sensitive information. For example, we may collect medical history information from you, if you are participating in bone marrow/stem cell donation or are part of a health program or research study. Sensitive information includes the following type of information: racial or ethnic origin; memberships; sexual orientation; genetic information. We will however, limit the collection of sensitive information to the minimum amount required to perform our services.

What happens if you don't provide all this information?

If you do not provide some or all of the personal information requested, we may not be able to offer you services or provide you with information about our causes, events, programs and projects.

Using a pseudonym or engaging with us anonymously

Where practicable, you will be given the opportunity to engage with us on an anonymous basis, or using a pseudonym.

Website usage and cookies

When you access our website, we may use software embedded in our website (such as Javascript) and we may place small data files (or cookies) on your computer or other device to collect information about which pages you view and how you reach them, what you do when you visit a page, the length of time you remain on the page, and how we perform in providing content to you.

A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.

Opting out of direct marketing communications

Where we use your personal information to send you marketing and promotional information by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information. By electing not to opt-out, we will assume we have your implied consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to take up.

If you do not wish to receive direct marketing communications from us, please contact us at 5105/393 Pitt Street, Sydney NSW 2000, Tel: + 61 414 900 774 and email: info@tlr.org.au.

To whom does The TLR Foundation disclose your personal information?

We may need to disclose your personal information to others in order to carry out our activities. This may include:

  • Our employees, related corporate bodies, contractors or service providers for the purposes of operation of our website or our business, fulfilling request by you, and to otherwise provide products and services to you including, without limitation, health care professionals, web hosting providers, IT system administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, and professional advisors such as accountants, solicitors, business advisors and consultants;
  • Suppliers and other third parties with whom we have a commercial relationship, for business, marketing and replated purposes; and
  • Any organisation for any authorised purpose with your expressed consent.

These contractors and service providers are bound to handle and destroy your information in accordance with the Privacy Principles when operating in Australia.

Wherever we propose to disclose your personal information to a third party not outlined above, we will provide you with a collection notice which explains the circumstances in which we might disclose your personal information. We do not sell your personal information to others.

Cross-border disclosures of your personal information

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to entities (eg: our data hosting and other IT service providers) located outside of Australia.

Countries include (but are not limited to):

United Kingdom

United States of America

Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners associated with the TLR.

We take such steps as are necessary to ensure that any overseas third party service providers we engage do not breach the Australian Privacy Principles, including through contractual arrangements.

If your personal information is collected using a collection notice that references this Privacy Policy, you are taken to consent to the disclosure, transfer, storing or processing of personal information outside of Australia. You also acknowledge and understand that by providing such consent that we will not be required to take such steps as are reasonable in the circumstances to ensure such third parties comply with the Australian Privacy Principles

Where is your personal information stored?

We take all reasonable steps to protect all of the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will be stored on a password protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite.

Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years, with a third party provider of secure archiving services.

Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information. We take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.

Credit cards

The TLR Foundation wants to ensure that all of our supporters can donate and sponsor online with complete confidence.  We have taken every possible measure to give absolute security to you in your dealings with us.

TLR has contracted GiveNow and Grassrootz to securely handle registration, donation and credit card transactions originating from the TLR website.

The service provider uses Secure Sockets Layer technology, also known as SSL, to ensure a safe, sound and secure experience and are certified as PCI compliance level one. At no time does TLR have access to this credit card information. It is never stored on our servers, however is encrypted and stored by our service providers.

Where credit card information is provided to us in hard copy, all credit card details are destroyed. The hard copy documentation is stored in a locked facility for a period of time, until it is securely archived or destroyed. Access to this information is restricted to our authorised staff only.

Access to your personal information

You may request access to any personal information we hold about you at any time by contacting us, in writing.  Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (eg: by mail or email).  We may charge you a reasonable fee where the retrieval of information incurs costs to the Foundation. We will not charge simply for making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold, (eg: we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality).

If we are unable to give you access to the information requested, we will give you reasons for this decision when we respond to your request

Bone marrow/stem cell donors should note that access to personal information such as HLA tissue typing is not granted by TLR as this information is held by the Australian Bone Marrow Donor Registry.

Updating your personal information

If you believe that information we hold about you is incorrect or out of date, or if you have concerns about how we are handling your personal information, please contact us and we will try to resolve your concerns.

Alternatively, if you wish to have your personal information deleted, please contact us and we will take reasonable steps to delete it, unless we need to keep it for legal reasons.

For access or updating information, please contact us at: The TLR Foundation, 5105/393 Pitt Street, Sydney NSW 2000 Tel: +61 414 900 774 and email: info@tlr.org.au

Complaints

If you have any queries or would like to make a complaint regarding relating to our Privacy Policy or the manner in which we handle your personal information, please contact our Privacy Officer, Kathryn Viegas, on +61 405 413 675 or email: info@tlr.org.au

We will use our best endeavours to resolve your complaint within fourteen days of receipt.   If you are not happy with our response, please refer the matter to the Privacy Commissioner (see www.oaic.gov.au).

If you do not provide some or all of the personal information requested, we may not be able to offer you services or provide you with information about our causes, events, programs and projects.

This page was last updated on: Thursday, 14 June, 2018