Privacy Policy

In this Privacy Policy, personal information has the meaning set out in the Privacy Act. In general terms, personal information is information (whether fact or opinion) about an individual who is identified or reasonably identifiable from that information or other information combined with that information.

Some types of personal information are 'sensitive information' and/or 'health information', which are subject to additional protection under the Privacy Act. Sensitive information may include information about your racial origin and health status, and health information may include information about a health-related service you have had or will receive.

The types of personal information we collect about you will depend on the purpose for which the personal information is collected. This can include:

• when you contact us about what we do, to make a donation, to purchase products or to buy raffle/lottery tickets –your name, date of birth, mailing or street address, telephone number(s), email address, billing or shipping information, business details, payment information (including credit card information, as this will be used by our payment gateway providers) feedback or order details;
• when you access our website or services – technical information and general analytics, such as web browser type and browsing preferences, Internet service provider, referring/exit pages, date/time stamps, IP address, time zone and geolocation data (if applicable) arising from your use of our website, as well as information about your usage of our website when browsing;
• if you have requested to receive news about exclusive offers, promotions, events, newsletters or surveys from us – your name, mailing or street address, email address, and telephone number(s);
• if you have contacted us to make a complaint, provide feedback, submit an enquiry or request information – your name, mailing or street address, email address and telephone number(s);
• in the case of prospective employees, contractors, researchers or scholarship recipients – information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers; in the case of our suppliers and distributors – your name, mailing or street address, email address, and telephone number(s);
• information we require to meet our legal and regulatory obligations; or
• any other information you provide while interacting with us.

Generally, we will not collect sensitive information about you. However, in certain circumstances, we may collect (intentionally or inadvertently) limited sensitive information about you. For instance, we may collect sensitive information about you if:

• while conducting our research – you choose to disclose information to us, such as information regarding your medical history, medical results, or other health information; or
• in the case of prospective or current employees, contractors or researchers – you choose to disclose information to us, such as information regarding your disabilities or medical conditions.

We collect your personal information directly from you, including when you:

• access or use our website;
• subscribe to or purchase our products or services;
• sign up to receive news and exclusive offers, promotions or events, or request information or material from us;
• make inquiries about us or our products or services or otherwise communicate with us by email, by telephone, in person, via a website or otherwise; and
• apply to work with us, receive a scholarship from us, or are engaged by us as a contractor or researcher.

Where it is reasonable and practicable to do so, we will only collect personal information about you from you directly and not from third parties. In limited circumstances, we may collect personal information about you from:

• publicly available sources (such as the Internet);
• from third parties (such as mutual contacts, another person making a purchase on your behalf, our service providers or from your referees during the recruitment process if you apply for a job with us); and
• customers and users of our platform, products or services who share your information with us in the process of using our services and products.

While we maintain robust privacy practices, we are not responsible for the privacy practices of third parties, including Evergiving Pty Ltd (ACN 625 419 981) and Insight Enterprises Australia Pty Ltd (ACN 058 645 677), so you should review their relevant privacy policy to satisfy yourself as to how they protect and handle your personal information.

We also use the following technologies to collect technical information and general analytics:

• cookies, which are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org;
• log files, which track actions occurring on our website;
• web beacons, tags, and pixels, which are electronic files used to record information about how you browse our website; and
• Google Analytics 4 (GA4), which collects session statistics, approximate geolocation, browser and device information, to measure traffic and engagement across our website. The general analytics obtained through GA4 are aggregated, anonymised statistics which do not include personal information or IP addresses.

By accepting GA4 cookies on HRI’s website you give your express consent to the collection and disclosure of general analytics data about you. You may also decline all cookies used to collect technical information and general analytics on you when browsing our website. If you do so, you can still access our website, but it may impact your user experience.

We may also share general analytics data with other Google products, such as Google Signals, to improve our website and our products and services, and to deliver personalised ads to you. By sharing and combining general analytics data with other data Google holds about you, such as your search history or usage data from other devices, general analytics data may become personal information relevant to you.

In addition to our cookies, certain third parties may deliver cookies to your device or use tracking technologies for a variety of reasons. For example, we sometimes use web analytics tools to help us to understand how visitors engage with our website. Any third party links or advertising on our website may also use cookies or other technologies; you may receive these cookies by clicking on the link to the third party site or advertising. We do not control the collection or use of information by these third parties, and their cookies and/or tracking technologies are not subject to this Privacy Policy. You should contact these companies directly if you have any questions about their collection and/or use of information. When linking to any other site, you should always check the relevant website's privacy policy before providing any personal information.

You may opt out of targeted advertising by using these links: (i) Facebook; (ii) Google; and (iii) Bing. You can also opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal.

You do not have to identify yourself or provide any personal information if you contact us. You can also notify us that you wish to deal with us using a pseudonym. However, if we cannot collect personal information about you or if you use a pseudonym, we may not be able to provide you with the information or assistance you require, such as sending you information you have requested where you have not provided us with a valid email address or telephone number. We may not be able to control whether third party technologies we use to collect technical information and general analytics can deal with you via that pseudonym.

We use your personal information for purposes collected including managing our business and providing our products and services to you, including:

• to communicate with you, provide information to, and to address any issues or complaints that we or you may have regarding our relationship and our products and/or services;
• to provide our products and services to our supporters, including processing donations, lottery and raffle tickets and product purchases, or to receive goods or services from third parties;
  
• to verify your identity (for example, if you request access to the personal information we hold about you);
• for direct marketing purposes (see “Direct Marketing Communications” below), or to send invitations to events;
• for maintaining accurate details of our supporters’ history; keeping our supporters informed of our work;
• to prevent, detect and investigate suspicious, fraudulent, criminal or other activity that may cause you, us or others harm, including in relation to our products and services;
• to identify opportunities to improve our products and services and to improve our service to you;
• to gain insights about you so that we can serve you better, understand your preferences and interests, personalise your experience and/or enhance products and services you are offered and receive;
• to contact you regarding any of the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner;
• to enable the proper operation and functionality of our products and services, as well as the conduct of our research;
• to consider you for a job at HRI (whether as an employee or contractor), for a scholarship or other relationship with us; and
• to comply with our legal obligations, such as notifying you of matters that we may be required by law to do so.

We may also use or disclose your personal information for other purposes to which you have consented, or as permitted or required by law.

Technical information and general analytics are used for the purpose of gauging visitor traffic, trends and delivering personalised content to you while you are using our website, and to improve our website and our products and services.

We may disclose your personal information to third parties in connection with the purposes described above. This may include disclosing your personal information to the following types of third parties:

• our related companies;
• any potential third party acquirer of our business or assets, and advisors to that third party;
• our professional advisers (such as lawyers, accountants or auditors) and insurers;
• our employees, contractors and third party service providers who assist us in performing our functions and activities e.g. payment systems operators and financial institutions, cloud service providers, data storage providers, shipping companies, telecommunications providers and IT support services providers;
• organisations authorised by us to conduct promotional, research or marketing activities;
• third parties to whom you have authorised us to disclose your information (e.g. referees);
• our academic collaborative partners; and
• any other person as required or permitted by law.

On occasion it may be necessary to disclose your personal information to third parties, including our service providers and academic collaborative partners. If we so do, we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose of disclosure and in a manner consistent with applicable laws, for example (where commercially practical) by including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.

We do not sell or lease the personal information we hold to anyone for any purpose other than where you have consented or where we are authorised by law to do so.

We will only send you direct marketing communications (either through mail, SMS or email), including any news and exclusive offers, promotions, or events, where you have consented for us to do so. You may opt-out of receiving direct marketing communications at any time by contacting us or by using opt-out facilities provided in the direct marketing communications.

We store your personal information using electronic record keeping methods in secure databases. Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We do not combine or link personal information we hold about you with other personal information about you from third party sources.

We implement reasonable measures to protect and safeguard your personal information from misuse, loss and theft, and unauthorised access or disclosure. We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

However, for electronic data stores and since the Internet is inherently unsecure, we cannot guarantee the security of transmission of personal information disclosed to us online. Accordingly, you transmit your personal information to us online at your own risk and are encouraged to exercise care in sending personal information via the internet.

We store personal information in servers located in Australia. Your personal information will not be disclosed to recipients outside Australia without your express consent. However, information about your use of our website generated by GA4 may be transmitted to a Google server in the USA and stored there. Except where an exception applies under the Privacy Act or other relevant legislation, we will take commercially reasonable steps to ensure that overseas recipients to whom we disclose personal information do not breach the Privacy Act and the Australian Privacy Principles in relation to such personal information.

Generally, we will retain your personal information for the period necessary for the purposes for which your personal information was collected (as outlined in this Privacy Policy) unless a longer retention period is required by law or if it is reasonably necessary for us to comply with our legal obligations, resolve a dispute or maintain security.

When personal information is no longer required, we will take reasonable steps to delete the personal information from our systems or de-identify the personal information.

You have the right to request access to any personal information we hold about you and to have that information corrected where it is incorrect, incomplete or inaccurate. If you wish to seek access to the personal information we hold about you or request the correction of that information, please get in touch with our Privacy Officer Tim Gainsford via our Contact form.

HRI is not responsible for the content of other websites accessed via links from its own website. While HRI strives to maintain up-to-date links to other relevant websites, it is not responsible for the accuracy of these links which may change without our knowledge.

HRI uses external suppliers to provide art unions and games of chance to support our functions and aims. Please see the privacy and other conditions upon which those services are provided at https://hri.charityraffle.com.au/

If you have a query, concern or complaint about how we have collected or handled your personal information, or would like to request access to or a correction of the personal information we hold about you, please get in touch with us via our Contact form.

We will endeavour to address all complaints within a reasonable time. If you are unhappy with the outcome of your complaint, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). You can contact OAIC via:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Online: www.oaic.gov.au
Email: enquiries@oaic.gov.au

We may change or update this Privacy Policy from time to time to keep up-to-date with legal requirements and the way we operate our business. An up-to-date version of this Privacy Policy is available at any time on this page. You are responsible for reviewing this Privacy Policy periodically and informing yourself of any changes. We suggest that you check back regularly. If we make significant changes to our Privacy Policy, we will seek to inform you by notice on our website or by email.

15 August 2023