Cancer Council Shop
Cancer Council WA Cancer Council NT Cancer Council SA Cancer Council QLD Cancer Council NSW Cancer Council ACT Cancer Council NSW Cancer Council VIC Cancer Council TAS

Privacy statement

Cancer Council understands the importance the community places on confidentiality of individuals' personal and/or sensitive information. This extends to the collection and management of information held in our records regarding individuals.

The Privacy Amendment (Private Sector) Act 2000, effective 21 December 2001, sets out guidelines that regulate how private sector organisations should treat personal and/or sensitive information they collect, use, handle or store.

What do the National Privacy Principles do?

The NPPs set minimum standards for:

  • collection, use and disclosure of personal information which could identify a person
  • quality, security and storage of that information
  • giving an individual access to their information
  • transferring information offshore, and 
  • special categories of information such as 'sensitive' information and 'health' information.

What's personal information?

  • Information or an opinion about an individual whose identity is apparent or can be ascertained from that information or opinion.
  • This includes names, addresses, telephone numbers, age and email address.

What's sensitive information?

This includes information about:

  • racial or ethnic origin
  • political opinion or association
  • trade union or professional association membership
  • religious beliefs or philosophical beliefs
  • sexual preferences
  • criminal record
  • health information.

What are the National Privacy Principles?

The National Privacy Principles establish 10 principles to which an organisation must comply in regard to personal and sensitive information.

  1. Collecting information
  2. Using and disclosing information
  3. Data quality
  4. Data security
  5. Openness
  6. Access and correction
  7. Identifiers
  8. Anonymity
  9. Transborder data flow
  10. Sensitive information

1. Collecting information

Personal and sensitive information is only collected as is reasonably necessary to enable Cancer Council to maintain its activities and deliver services to the community.

Personal information about an individual should only be collected with the individual's consent. Collection will be undertaken by a method which is fair, lawful and not unreasonably intrusive. Individuals from whom personal information is collected are to be made aware of:

  • Cancer Council contact details
  • the primary purpose for which the information is collected
  • any possible secondary purpose for which the information may be used
  • the names of the organisations or types of organisations to which we disclose information of any nature (if any)
  • the ability of individuals to access the information held on themselves.

2. Using and disclosing information

Information will only be used or disclosed for the primary purpose for which it was collected. In some instances, information provided by individuals may be used to keep them better informed about Cancer Council activities and services, such as by way of a newsletter. Individuals have the right to opt out of receiving such additional mailings.

Personal information about an individual will not be used or disclosed for a secondary purpose unless:

  • the purpose is closely related to the primary purpose and the individual would reasonably expect the information to be used in that way; or
  • the information is health information and its use is necessary for records or statistical analysis relevant to public health; or
  • the individual has consented (recognising the competence to consent); or
  • Cancer Council has a legal obligation to disclose personal information which overrides the provisions of the primary legislation.

Cancer Council will not sell or exchange or release personal information about an individual for commercial gain.

3. Data quality

Reasonable steps will be taken to ensure information collected and used is complete, accurate and up-to-date.

4. Security of information

  • Reasonable steps will be taken to protect personal information from misuse, loss, unauthorised use, modification or disclosure.
  • Personal information will be destroyed or permanently de-identified when it's no longer needed for the purpose for which it was collected.
  • Cancer Council's website uses secure technology for online transactions to protect credit card information.
  • Our websites contain links to other websites. Cancer Council does not accept responsibility for the privacy practices or the content of linked websites.

5. Openness of information

  • This privacy policy setting out our management of personal information will be available on request.
  • Reasonable steps will be taken to allow any person, on request, to ascertain generally what sort of personal information is held, for what purpose, how it was collected, stored and used.

6. Accessibility of information

Information held on individuals is accessible to them on request (except where frivolous and vexatious) and will generally be available free of charge. Reasonable steps will be taken to ensure the information provided is accurate and up-to-date.

7. Identifiers

Identifiers used will be unique to Cancer Council.

8. Anonymity

To the extent possible, individuals will be given the option of not identifying themselves when dealing with Cancer Council.

9. Transborder data flow

Cancer Council will not sell, exchange or release personal information (except when we transfer this information to our national Cancer Council body or other state Cancer Council organisations for the purposes of collaborative work).

10. Sensitive information

Cancer Council doesn't collect sensitive information about individuals unless:

  • we have the consent of the individual; or
  • the information is collected in the course of Cancer Council activities where the individual is in regular contact in relation to those activities and the individual understands that the information will not be disclosed without consent; or
  • the information is necessary for research relevant to public health, compilation or analysis of public health statistics, or the management or monitoring of a health service and that purpose cannot be served by collection of non-identified information and it's impracticable to seek the individual's consent.

Confidentiality

  • Personal and/or sensitive information will be collected and maintained on confidential databases maintained by Cancer Council in support of its activities and service provision.
  • Staff and volunteers who may have access to personal and/or sensitive information in the course of their duties will respect its confidentiality and not disclose the information to any non Cancer Council third party.
  • Breaches of confidentiality by staff will be dealt with in accordance with the conditions of appointment to the staff of Cancer Council.

Grievance procedure relating to the Privacy Act

  1. Complaint registered by an individual. This must be in writing.
  2. Complaint given to the Privacy Manager for assessment and investigation in consultation with the Chief Executive Officer.
  3. Written response sent to individual within 7 days of complaint being received.
  4. If our response is found to be unacceptable to the individual, we may suggest conciliation or arbitration on the matter.
  5. If the individual makes a formal complaint to the Privacy Commissioner, the Chief Executive Officer is to be the respondent on behalf of Cancer Council.


Updated: 01 Aug, 2012